[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2
From: |
Peter Maydell |
Subject: |
Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation() |
Date: |
Sun, 12 Apr 2020 21:57:58 +0100 |
On Sun, 12 Apr 2020 at 21:53, Philippe Mathieu-Daudé <address@hidden> wrote:
> "VMs using KVM" as security boundary is very clear, thanks.
>
> Note 1: This this doesn't appear on the QEMU security process
> description: https://www.qemu.org/contribute/security-process/
It's part of the list of how to decide whether an issue is
security sensitive:
"Is QEMU used in conjunction with a hypervisor (as opposed
to TCG binary translation)?"
We also document it in the user manuals now (a relatively
recent improvement):
https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case
> Note 2: If a reported bug is not in security boundary, it should be
> reported as a bug to mainstream QEMU, to give the community a chance to
> fix it.
Yes; bugs are still bugs.
thanks
-- PMM