> -Original Message-
> From: Peter Maydell [mailto:peter.mayd...@linaro.org]
> Sent: Tuesday, November 10, 2020 11:30 PM
> To: Chenqun (kuhn)
> Cc: QEMU Developers ; QEMU Trivial
> ; Yoshinori Sato ;
> Zhanghailiang ; ganqixin
> ; Euler Robot
> Subject: Re
> On Thu, 5 Nov 2020 at 07:08, Chen Qun wrote:
> >
> > When 'j = icu->nr_sense - 1', the 'j < icu->nr_sense' condition is true,
> > then 'j = icu->nr_sense', the 'icu->init_sense[j]' has out-of-bounds access.
>
> Yes, this is a bug...
>
> > Maybe this could lead to some security problems.
>
> ...but it's not a secu
Ping,

Fix: e78597cc457ff7611

Maybe this bug needs to be fixed in the qemu-5.2 version.

The "icu->nr_sense" is the array length. It's a typical out-of-bounds array bug.

Thanks,
Chen Qun
> -Original Message-
> From: Chenqun (kuhn)
> Sent: Thursday, November 5, 2020 3:06 PM
> To: qemu-devel@nongnu.org; qem