qemu-ppc
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2

From: Peter Maydell
Subject: Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation()
Date: Sun, 12 Apr 2020 21:57:58 +0100 
On Sun, 12 Apr 2020 at 21:53, Philippe Mathieu-Daudé <address@hidden> wrote:
> "VMs using KVM" as security boundary is very clear, thanks.
>
> Note 1: This this doesn't appear on the QEMU security process
> description: https://www.qemu.org/contribute/security-process/

It's part of the list of how to decide whether an issue is
security sensitive:
 "Is QEMU used in conjunction with a hypervisor (as opposed
  to TCG binary translation)?"

We also document it in the user manuals now (a relatively
recent improvement):
 
https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case

> Note 2: If a reported bug is not in security boundary, it should be
> reported as a bug to mainstream QEMU, to give the community a chance to
> fix it.

Yes; bugs are still bugs.

thanks
-- PMM
reply via email to
[Prev in Thread] Current Thread [Next in Thread]