|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] bunzip2: off by one in get_next_block()
On Wed, 2015-01-28 at 15:24 +0000, Jan Beulich wrote: > "origPtr" is used as an offset into the bd->dbuf[] array. That array is > allocated in start_bunzip() and has "bd->dbufSize" number of elements so > the test here should be >= instead of >. > > Later we check "origPtr" again before using it as an offset so I don't > know if this bug can be triggered in real life. > > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > > Trivial adjustments to make the respective Linux commit > b5c8afe5be51078a979d86ae5ae78c4ac948063d apply to Xen. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |