Keir,
Thanks; yes, we see no way to unravel it. I'm just paranoid.
Sincerely,
John
On Jun 10, 2011, at 3:30 AM, Keir Fraser wrote:
> On 09/06/2011 16:49, "John McDermott (U.S. Navy Employee)"
> <john.mcdermott@xxxxxxxxxxxx> wrote:
>
>> Xen Developers,
>>
>> In C function cpu_add(), in xen/arch/x86/smpboot.c, if acpi_id ==
>> MAX_MADT_ENTRIES, won't this write past the end of array
>> x86_acpiid_toapicid[MAX_MADT_ENTRIES]? I am looking at xen-unstable. It looks
>> like the guard is not catching this 1 case?
>
> Fixed in xen-unstable:23505. Fortunately this function is only accessible
> from the TCB so it's not exploitable.
>
> Thanks,
> -- Keir
>
>> Sincerely,
>>
>> John McDermott
>> ----
>> What is the formal meaning of the one-line program
>> #include "/dev/tty"
>>
>> J.P. McDermott building 12
>> Code 5542 mcdermott@xxxxxxxxxxxxxxxx
>> Naval Research Laboratory voice: +1 202.404.8301
>> Washington, DC 20375, US fax: +1 202.404.7942
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-devel
>
----
What is the formal meaning of the one-line program
#include "/dev/tty"
J.P. McDermott building 12
Code 5542 mcdermott@xxxxxxxxxxxxxxxx
Naval Research Laboratory voice: +1 202.404.8301
Washington, DC 20375, US fax: +1 202.404.7942
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|