On Tue, Feb 28, 2012 at 9:47 AM, Kevin Wolf <[email protected]> wrote: > Am 28.02.2012 10:33, schrieb Stefan Hajnoczi: >> On Mon, Feb 27, 2012 at 4:27 PM, Kevin Wolf <[email protected]> wrote: >>> + if (ext.len > 65536) { >>> + error_report("Header extension larger than 64k - this looks >>> wrong"); >>> + return -ENOTSUP; >>> + } >> >> This is an implementation limit and not in the spec, but I think it's >> reasonable. >> >> Reviewed-by: Stefan Hajnoczi <[email protected]> > > Hm, actually, now that I look at this patch again, I think there's a > much better error condition that even matches the spec: > > if (offset + ext.len > end_offset)
Careful, integer overflow. Stefan
