Comment 3 for bug 1844635

Thomas Huth (th-huth) wrote :

I can't reproduce the issue with your "poc" binary here. Which version of QEMU were you exactly using? Can you reproduce it with the latest version from the master branch?

Also, there is already a size check some lines earlier:

        if ((d + l) > (dest + size)) {
            l = dest - d;
        }

Isn't that sufficient?

Also, please explain how this vulnerability could be exploited. The code path is not triggered by the guest, is it?
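Added example, not QEMU's code and not part of this bug report: a standalone version of the kind of clamp the size check quoted above is meant to perform, so that a copy into a fixed-size destination is truncated to the room remaining between the write cursor and the end of the buffer rather than written past it. The names dest, size, d and l follow the quoted snippet; bounded_copy, the demo_* helpers and the guard-byte layout are constructed here for illustration. The clamp is written on offsets (d - dest) instead of on raw pointer sums so that it cannot overflow, but it is the same condition, d + l > dest + size.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Copy up to `len` bytes from `src` to the cursor `d`, which points inside
 * the buffer dest[0..size). The length is clamped so the copy ends at or
 * before dest + size. Returns the number of bytes actually written; 0 when
 * the cursor is already at or past the end of dest. (Hypothetical helper,
 * not a QEMU function.) */
static size_t bounded_copy(uint8_t *dest, size_t size, uint8_t *d,
                           const uint8_t *src, size_t len)
{
    size_t off;
    size_t l = len;

    if (d < dest) {
        return 0;                    /* cursor before the buffer: refuse */
    }
    off = (size_t)(d - dest);
    if (off >= size) {
        return 0;                    /* cursor at/after the end: no room */
    }
    /* Same condition as "(d + l) > (dest + size)": clamp l to the space
     * left, which is (dest + size) - d == size - off. */
    if (l > size - off) {
        l = size - off;
    }
    memcpy(d, src, l);
    return l;
}

/* Constructed scenario: 16-byte destination followed by 8 guard bytes.
 * Returns the bytes copied, or (size_t)-1 if any guard byte was clobbered. */
static size_t run_scenario(size_t cursor, size_t request)
{
    struct {
        uint8_t buf[16];
        uint8_t guard[8];
    } s;
    const uint8_t src[32] = {
        1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
        17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
    };
    size_t n, i;

    memset(&s, 0xAA, sizeof s);
    n = bounded_copy(s.buf, sizeof s.buf, s.buf + cursor, src, request);
    for (i = 0; i < sizeof s.guard; i++) {
        if (s.guard[i] != 0xAA) {
            return (size_t)-1;       /* write past the end of dest */
        }
    }
    return n;
}

/* Request of 8 bytes with only 4 bytes of room left: copy is cut to 4. */
static size_t demo_overlong_request(void)
{
    return run_scenario(12, 8);
}

/* Request that fits entirely: all 8 bytes are copied. */
static size_t demo_fits(void)
{
    return run_scenario(4, 8);
}

/* Cursor already at the end of dest: nothing is written. */
static size_t demo_cursor_at_end(void)
{
    return run_scenario(16, 8);
}

int main(void)
{
    printf("overlong request copied %zu bytes\n", demo_overlong_request());
    printf("fitting request copied  %zu bytes\n", demo_fits());
    printf("cursor at end copied    %zu bytes\n", demo_cursor_at_end());
    return 0;
}
```

The guard bytes after the destination are what make the scenario meaningful: a clamp that computes the wrong remaining length still compiles and runs, and only the untouched guard region shows that the write stayed inside dest.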