On 11/28/20 9:59 PM, Peter Maydell wrote:
> On Fri, 27 Nov 2020 at 15:45, Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
>>
>> Hi,
>>
>> This is a simple attempt to avoid the following pattern:
>>
>> ssize_t pkt_size = get_pkt_size(); // returns errno
>>
>> // no check
>>
>> send_packet(size_t size=pkt_size); // size cast to unsigned
>> // -> overflow
>
> "RFC" and "for-5.2" are not a great combination at this point :-(

"RFC" because I don't understand all the effects this assert
can have. "for-5.2" because it was raised as a security bug,
but I don't have access to the information, so I can not see
the big picture.

> What are the consequences if we don't put this patchset in 5.2?

Jason suggested to postpone this. If this is security important,
we can release a 5.2.1-stable tag early I suppose.

Regards,

Phil.
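
The pattern quoted at the top of this mail, next to a checked form, as an added C example that is not code from this thread or from QEMU. The function bodies, the `fail` parameter and the `MAX_PKT` limit are assumptions made for the sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

#define MAX_PKT 1514 /* assumed upper bound for a packet in this sketch */

/* Hypothetical stand-in: returns a length, or a negative errno on failure. */
static ssize_t get_pkt_size(int fail)
{
    return fail ? -EINVAL : 64;
}

/* Hypothetical sink with an unsigned size; returns the size it was given. */
static size_t send_packet(size_t size)
{
    return size;
}

/* Pattern from the mail: no check, so a negative errno is converted to size_t. */
static size_t send_unchecked(int fail)
{
    ssize_t pkt_size = get_pkt_size(fail);
    return send_packet(pkt_size); /* -EINVAL becomes SIZE_MAX - EINVAL + 1 */
}

/* Checked form: reject error returns and oversized lengths before converting. */
static ssize_t send_checked(int fail)
{
    ssize_t pkt_size = get_pkt_size(fail);
    if (pkt_size < 0) {
        return pkt_size; /* propagate the errno to the caller */
    }
    if ((size_t)pkt_size > MAX_PKT) {
        return -EMSGSIZE;
    }
    return (ssize_t)send_packet((size_t)pkt_size);
}

int main(void)
{
    printf("unchecked, error path: size = %zu\n", send_unchecked(1));
    printf("checked, error path:   ret  = %zd\n", send_checked(1));
    printf("checked, normal path:  ret  = %zd\n", send_checked(0));
    return 0;
}
```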