Hi,
I can still trigger stack-overflows, heap-UAFs and heap-overflows in the
code, but Mark's patches fixed some of the issues. I didn't want to
flood the issue-tracker with further problems in this code, since it
isn't clear what the security expectations are for this device. Of
course it is only a matter of time until someone sends more reports to
qemu-security.
Mark, do you want me to provide more reproducers for this device?
-Alex
Hi,
I can still trigger stack-overflows, heap-UAFs and heap-overflows in the
code, but Mark's patches fixed some of the issues. I didn't want to
flood the issue-tracker with further problems in this code, since it
isn't clear what the security expectations are for this device. Of
course it is only a matter of time until someone sends more reports to
qemu-security.
Mark, do you want me to provide more reproducers for this device?
-Alex