Pierre Morel writes:
> In vfio_listener_region_add(), we try to validate that the region is not
> zero sized and hasn't overflowed the address space.
>
> But the calculation uses the size of the region instead of
> using the region's limit (size - 1).
>
> This leads
On 01/27/2016 06:43 PM, Alex Williamson wrote:
On Wed, 2016-01-27 at 10:28 +0100, Pierre Morel wrote:
On 01/26/2016 06:00 PM, Alex Williamson wrote:
On Tue, 2016-01-26 at 15:51 +0100, Pierre Morel wrote:
On 01/22/2016 11:19 PM, Alex Williamson wrote:
On Fri, 2016-01-22 at 15:14 -0700,
On Wed, 2016-01-27 at 10:28 +0100, Pierre Morel wrote:
>
> On 01/26/2016 06:00 PM, Alex Williamson wrote:
> > On Tue, 2016-01-26 at 15:51 +0100, Pierre Morel wrote:
> > > On 01/22/2016 11:19 PM, Alex Williamson wrote:
> > > > On Fri, 2016-01-22 at 15:14 -0700, Alex Williamson wrote:
> > > > > On
On 01/26/2016 06:00 PM, Alex Williamson wrote:
On Tue, 2016-01-26 at 15:51 +0100, Pierre Morel wrote:
On 01/22/2016 11:19 PM, Alex Williamson wrote:
On Fri, 2016-01-22 at 15:14 -0700, Alex Williamson wrote:
On Thu, 2016-01-21 at 14:15 +0100, Pierre Morel wrote:
On 01/20/2016 04:46 PM, Alex
On 01/22/2016 11:19 PM, Alex Williamson wrote:
On Fri, 2016-01-22 at 15:14 -0700, Alex Williamson wrote:
On Thu, 2016-01-21 at 14:15 +0100, Pierre Morel wrote:
On 01/20/2016 04:46 PM, Alex Williamson wrote:
On Wed, 2016-01-20 at 16:14 +0100, Pierre Morel wrote:
On 01/12/2016 07:16 PM, Alex
On Tue, 2016-01-26 at 15:51 +0100, Pierre Morel wrote:
>
> On 01/22/2016 11:19 PM, Alex Williamson wrote:
> > On Fri, 2016-01-22 at 15:14 -0700, Alex Williamson wrote:
> > > On Thu, 2016-01-21 at 14:15 +0100, Pierre Morel wrote:
> > > > On 01/20/2016 04:46 PM, Alex Williamson wrote:
> > > > > On
On Thu, 2016-01-21 at 14:15 +0100, Pierre Morel wrote:
>
> On 01/20/2016 04:46 PM, Alex Williamson wrote:
> > On Wed, 2016-01-20 at 16:14 +0100, Pierre Morel wrote:
> > > On 01/12/2016 07:16 PM, Alex Williamson wrote:
> > > > On Tue, 2016-01-12 at 16:11 +0100, Pierre Morel wrote:
> > > > > In
On Fri, 2016-01-22 at 15:14 -0700, Alex Williamson wrote:
> On Thu, 2016-01-21 at 14:15 +0100, Pierre Morel wrote:
> >
> > On 01/20/2016 04:46 PM, Alex Williamson wrote:
> > > On Wed, 2016-01-20 at 16:14 +0100, Pierre Morel wrote:
> > > > On 01/12/2016 07:16 PM, Alex Williamson wrote:
> > > > >
On 01/20/2016 04:46 PM, Alex Williamson wrote:
On Wed, 2016-01-20 at 16:14 +0100, Pierre Morel wrote:
On 01/12/2016 07:16 PM, Alex Williamson wrote:
On Tue, 2016-01-12 at 16:11 +0100, Pierre Morel wrote:
In vfio_listener_region_add(), we try to validate that the region is not
zero sized and
On 01/12/2016 07:16 PM, Alex Williamson wrote:
On Tue, 2016-01-12 at 16:11 +0100, Pierre Morel wrote:
In vfio_listener_region_add(), we try to validate that the region is not
zero sized and hasn't overflowed the address space.
But the calculation uses the size of the region instead of
On Wed, 2016-01-20 at 16:14 +0100, Pierre Morel wrote:
>
> On 01/12/2016 07:16 PM, Alex Williamson wrote:
> > On Tue, 2016-01-12 at 16:11 +0100, Pierre Morel wrote:
> > > In vfio_listener_region_add(), we try to validate that the region is not
> > > zero sized and hasn't overflowed
In vfio_listener_region_add(), we try to validate that the region is not
zero sized and hasn't overflowed the address space.
But the calculation uses the size of the region instead of
using the region's limit (size - 1).
This leads to Int128 overflow when the region has
been initialized to
On Tue, 2016-01-12 at 16:11 +0100, Pierre Morel wrote:
> In vfio_listener_region_add(), we try to validate that the region is not
> zero sized and hasn't overflowed the address space.
>
> But the calculation uses the size of the region instead of
> using the region's limit (size - 1).
>
>