On Tue, Feb 28, 2012 at 9:47 AM, Kevin Wolf <kw...@redhat.com> wrote:
> On 28.02.2012 10:33, Stefan Hajnoczi wrote:
>> On Mon, Feb 27, 2012 at 4:27 PM, Kevin Wolf <kw...@redhat.com> wrote:
>>> +        if (ext.len > 65536) {
>>> +            error_report("Header extension larger than 64k - this looks 
>>> wrong");
>>> +            return -ENOTSUP;
>>> +        }
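Review bot: The bare 65536 in "if (ext.len > 65536)" is an implementation limit with nothing in the code saying so; give it a named constant with a one-line comment, and put the ext.len value that was read into the error_report() text in place of "this looks wrong", so a rejected image can be diagnosed from the message alone.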
>>
>> This is an implementation limit and not in the spec, but I think it's
>> reasonable.
>>
>> Reviewed-by: Stefan Hajnoczi <stefa...@linux.vnet.ibm.com>
>
> Hm, actually, now that I look at this patch again, I think there's a
> much better error condition that even matches the spec:
>
>    if (offset + ext.len > end_offset)

Careful, integer overflow.

Stefan
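
The overflow concern raised in this reply, as an added example that is not part of the original thread or of QEMU's code: the proposed comparison next to a form that cannot wrap. The function names and the fixed-width unsigned types are assumptions; offset, len and end_offset follow the quoted check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Comparison as proposed in the thread. With unsigned types (assumed here),
 * offset + len wraps modulo 2^64, so a huge offset yields a small sum that
 * passes the check. */
static bool ext_overruns_naive(uint64_t offset, uint32_t len, uint64_t end_offset)
{
    return offset + len > end_offset;
}

/* Overflow-safe form: never add untrusted values. First make sure offset is
 * inside the region, then compare len with the space that is left. The
 * subtraction cannot wrap because offset <= end_offset at that point. */
static bool ext_overruns_safe(uint64_t offset, uint32_t len, uint64_t end_offset)
{
    if (offset > end_offset) {
        return true;
    }
    return len > end_offset - offset;
}

int main(void)
{
    /* Constructed sample values, not taken from any real image. */
    struct { uint64_t offset; uint32_t len; uint64_t end; } t[] = {
        { 150, 50, 200 },                        /* exact fit            */
        { 180, 50, 200 },                        /* plain overrun        */
        { UINT64_MAX - 8, 64, UINT64_MAX - 4 },  /* sum wraps around     */
        { UINT64_MAX - 8, 64, 4096 },            /* offset past the end  */
    };
    for (size_t i = 0; i < sizeof(t) / sizeof(t[0]); i++) {
        printf("offset=%llu len=%u end=%llu naive=%d safe=%d\n",
               (unsigned long long)t[i].offset, (unsigned)t[i].len,
               (unsigned long long)t[i].end,
               ext_overruns_naive(t[i].offset, t[i].len, t[i].end),
               ext_overruns_safe(t[i].offset, t[i].len, t[i].end));
    }
    return 0;
}
```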
