
Re: [Qemu-devel] [PULL v3 1/3] replay: add record/replay for audio passt


From: Peter Maydell
Subject: Re: [Qemu-devel] [PULL v3 1/3] replay: add record/replay for audio passthrough
Date: Tue, 8 May 2018 17:53:49 +0100

On 27 April 2018 at 13:28, Pavel Dovgalyuk <address@hidden> wrote:
>> From: Peter Maydell [mailto:address@hidden]
>> Hi. Coverity produces a new warning because of this change (CID1390632),
>> because it treats the replay file as "tainted data", and complains
>> that we trust a value from the file to become a sample count
>> passed to audio_capture_mix_and_clear() and eventually used as
>> a byte count for a memset.
>>
>> Do we trust the replay file to be non-malicious (making this
>> a false-positive), or not (in which case we need to sanitize
>> or check its contents somehow)?
>
> Replay file is generated by QEMU and is not affected by the guest system
> directly.
> This file is used by the developer himself (e.g., recording and replaying
> execution on the same machine for the analysis or debugging).
> Replay file can also be used by testers for bug reporting (e.g., to send bug
> reproduction scenario to the developer).
>
> In the case of transferring the file it can be used as an exploit.
> But I cannot judge whether it is a real threat or just an inessential one.

Thanks for the explanation. I think we should consider the
replay file to be trusted -- it's a developer convenience, it's
only relevant to TCG, and it's not something that's going to
typically be passed around. I'll mark the relevant Coverity
complaints as false-positives.

-- PMM
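
The "sanitize or check its contents" option from the quoted question, as an added example that is not part of this thread and is not QEMU code: a count read from a file is checked against the destination buffer before it is used as a memset length. The record layout (32-bit big-endian count), `sample_t`, `BUF_SAMPLES` and all function names are assumptions of this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sample layout and buffer size, not QEMU's definitions. */
typedef struct { int64_t l, r; } sample_t;
#define BUF_SAMPLES 1024

/* Decode the count field of one record; 32-bit big-endian is an assumption. */
static int read_count(const uint8_t *rec, size_t len, uint32_t *out)
{
    if (len < 4)
        return -1;                      /* truncated record */
    *out = ((uint32_t)rec[0] << 24) | ((uint32_t)rec[1] << 16) |
           ((uint32_t)rec[2] << 8)  |  (uint32_t)rec[3];
    return 0;
}

/* Returns the number of bytes cleared, or -1 if the record is rejected. */
static long clear_samples(sample_t *buf, size_t buf_samples,
                          const uint8_t *rec, size_t rec_len)
{
    uint32_t count;
    if (read_count(rec, rec_len, &count) < 0)
        return -1;
    if (count > buf_samples)            /* bound it before it becomes a size */
        return -1;
    /* count <= buf_samples and buf is a real object of that many samples,
     * so count * sizeof(sample_t) cannot overflow size_t. */
    size_t bytes = (size_t)count * sizeof(sample_t);
    memset(buf, 0, bytes);
    return (long)bytes;
}

/* Build a constructed record holding `count` and feed rec_len bytes of it. */
static long demo(uint32_t count, size_t rec_len)
{
    static sample_t buf[BUF_SAMPLES];
    uint8_t rec[4] = { (uint8_t)(count >> 24), (uint8_t)(count >> 16),
                       (uint8_t)(count >> 8), (uint8_t)count };
    return clear_samples(buf, BUF_SAMPLES, rec, rec_len);
}

int main(void)
{
    printf("%ld %ld %ld\n", demo(16, 4), demo(1025, 4), demo(16, 3));
    return 0;
}
```

A range check of this kind on the value between the file read and the memset is also what lets a taint analysis see the count as bounded.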


