Commit a08aaff8 authored Jan 03, 2017 by Gonglei Committed by Michael S. Tsirkin Jan 10, 2017

virtio-crypto: fix possible integer and heap overflow



Because the 'size_t' type is 4 bytes in 32-bit platform, which
is the same with 'int'. It's easy to make 'max_len' to zero when
integer overflow and then cause heap overflow if 'max_len' is zero.

Using uint_64 instead of size_t to avoid the integer overflow.

Cc: qemu-stable@nongnu.org
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Tested-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

parent 8cdcf3c1

Show whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit d6f11947
· Dec 16, 2019

mentioned in commit d6f11947

mentioned in commit d6f119475d3c9c913f9140771895036be66d5c33

Toggle commit list

Please register or to comment