"Michael S. Tsirkin" wrote:
> Correct post load checks:
> 1. dev->setup_len == sizeof(dev->data_buf)
> seems fine, no need to fail migration
> 2. When state is DATA, passing index > len
>will cause memcpy with negative length,
>resulting in heap overflow
>
> First of the issues was rep
Correct post load checks:
1. dev->setup_len == sizeof(dev->data_buf)
seems fine, no need to fail migration
2. When state is DATA, passing index > len
will cause memcpy with negative length,
resulting in heap overflow
First of the issues was reported by dgilbert.
Reported-by: "Dr. David
