* **Security**
+ * ``CVE-2024-1441``: Fix off-by-one error leading to a crash
+
+ In **libvirt-1.0.0** there were couple of interface listing APIs
+ introduced which had an off-by-one error. That error could lead to a
+ very rare crash if an array was passed to those functions which did
+ not fit all the interfaces.
+
+ In **libvirt-5.10** a check for non-NULL arrays has been adjusted to
+ allow for NULL arrays with size 0 instead of rejecting all NULL
+ arrays. However that made the above issue significantly worse since
+ that off-by-one error now did not write beyond an array, but
+ dereferenced said NULL pointer making the crash certain in a
+ specific scenario in which a NULL array of size 0 was passed to the
+ aforementioned functions.
+
* **Removed features**
* **New features**
g_autoptr(virInterfaceDef) def = NULL;
/* Ensure we won't exceed the size of our array */
- if (count > names_len)
+ if (count >= names_len)
break;
path = udev_list_entry_get_name(dev_entry);
projects / libvirt.git / commitdiff