On Mon, Apr 28, 2014 at 11:08 PM, Michael S. Tsirkin m...@redhat.com wrote:
CVE-2013-4537
s-arglen is taken from wire and used as idx
in ssi_sd_transfer().
Validate it before access.
So I'm wondering what the policy here is on validation. Do you only
need to catch the cases that can cause
CVE-2013-4537
s-arglen is taken from wire and used as idx
in ssi_sd_transfer().
Validate it before access.
Signed-off-by: Michael S. Tsirkin m...@redhat.com
---
hw/sd/ssi-sd.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c
index 3273c8a..b012e57