[Spice-devel] [PATCH spice-gtk] channel: switch to protocol 1 on error during link-time

Christophe Fergeau cfergeau at redhat.com
Mon Dec 17 03:43:12 PST 2012


On Mon, Dec 17, 2012 at 06:31:52AM -0500, Marc-André Lureau wrote:
> Hi
> 
> ----- Mensaje original -----
> > >      c->peer_msg = spice_malloc(c->peer_hdr.size);
> > >      if (c->peer_msg == NULL) {
> > > -        g_critical("invalid peer header size: %u",
> > > c->peer_hdr.size);
> > > +        g_warning("invalid peer header size: %u",
> > > c->peer_hdr.size);
> > >          goto error;
> > >      }
> > 
> > This whole check is not needed as spice_malloc will abort on
> > allocation failures anyway.
> > Looks good otherwise,
> > 
> 
> See 06caae141c9bf30cd5271daf6af9ea0280ba1d5b for rationale:
> 
>     do not segfault if link message header size is set to 0
>     
>     https://bugs.freedesktop.org/show_bug.cgi?id=41988

This would deserve a comment explaining why we are doing that. And it's
probably still possible to crash the client by sending -1 as the link
message header size.

Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20121217/d4af269b/attachment.pgp>


More information about the Spice-devel mailing list