subject:"\[PULL 4\/6\] usb\/redir\: avoid dynamic stack allocation \(CVE\-2021\-3527\)"

Re: [PULL 4/6] usb/redir: avoid dynamic stack allocation (CVE-2021-3527)

2021-05-05 Thread Gerd Hoffmann

On Wed, May 05, 2021 at 03:29:10PM +0200, Remy Noel wrote: > On Wed, May 05, 2021 at 03:07:14PM +0200, Gerd Hoffmann wrote: > > [...] > > diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c > > index 17f06f34179a..6a75b0dc4ab2 100644 > > --- a/hw/usb/redirect.c > > +++ b/hw/usb/redirect.c > > @@ -62

Re: [PULL 4/6] usb/redir: avoid dynamic stack allocation (CVE-2021-3527)

2021-05-05 Thread Remy Noel

On Wed, May 05, 2021 at 03:07:14PM +0200, Gerd Hoffmann wrote: [...] diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c index 17f06f34179a..6a75b0dc4ab2 100644 --- a/hw/usb/redirect.c +++ b/hw/usb/redirect.c @@ -620,7 +620,7 @@ static void usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket

[PULL 4/6] usb/redir: avoid dynamic stack allocation (CVE-2021-3527)

2021-05-05 Thread Gerd Hoffmann

Use autofree heap allocation instead. Fixes: 4f4321c11ff ("usb: use iovecs in USBPacket") Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Gerd Hoffmann Tested-by: Philippe Mathieu-Daudé Message-Id: <20210503132915.2335822-3-kra...@redhat.com> --- hw/usb/redirect.c | 6 +++--- 1 file changed