[Spice-devel] [PATCH spice-gtk] Run-time check monitor per display count <= 256

Marc-André Lureau mlureau at redhat.com
Wed Jul 18 08:06:26 PDT 2012



----- Original Message -----
> Hi Marc-Andre,
> 
> On 07/18/2012 02:15 PM, Marc-André Lureau wrote:
> > Limit range of monitors, to avoid potential crashes led by invalid
> > received MonitorConfig values (could be misconfigured or
> > misbehaving
> > guest)
> >
> > This is a client-side implementation limitation. Eventually, the
> > range could be increased (or unlimited == 0) in the future...
> 
> To me, it seems safer to just ignore such messages.
> If the values of config->max_allowed or config->count are wrong why
> do you trust config->heads ?

It's not wrong, it might be fine (perhaps). It's an implementation limitation on spice-gtk and code above.

> But since the patch does provide a little bit safer spice-gtk, ack.

A very tiny tiny little bit, imho, not worth it, but not really harmful either...

As you may agree and said elsewhere, there are many more places where the client just follows whatever the server sends, except we should try our best to not do out-of-bounds array accesses and suchlike. Imho, the server code is much more sensitive in this area than the client.
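
The two options weighed in this thread (limit the monitor range, or ignore the message), sketched as an added example that is not the spice-gtk patch or any code from the project. The struct layout, function names and policy enum are hypothetical; only the field names `count`, `max_allowed` and `heads` and the 256 limit come from the thread. In both policies `heads[]` is trusted only as far as the bytes actually received.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_MONITORS 256u  /* client-side limit named in the patch subject */
/* Hypothetical layout: only the field names come from the thread. */
struct head { uint32_t id, width, height; };
struct monitors_config {
    uint16_t count;
    uint16_t max_allowed;
    struct head heads[];   /* entries follow the header on the wire */
};

enum policy { POLICY_LIMIT, POLICY_IGNORE };

/* Number of heads[] entries that are safe to read, or -1 to drop the
 * message. msg_len is the number of bytes actually received. */
int usable_heads(const struct monitors_config *cfg, size_t msg_len,
                 enum policy policy)
{
    if (msg_len < sizeof(*cfg))
        return -1;                   /* truncated header */
    size_t count = cfg->count;
    size_t present = (msg_len - sizeof(*cfg)) / sizeof(struct head);
    if (count > present)
        return -1;                   /* heads[] would be read past the buffer */
    if (count > MAX_MONITORS || cfg->max_allowed > MAX_MONITORS) {
        if (policy == POLICY_IGNORE)
            return -1;
        if (count > MAX_MONITORS)
            count = MAX_MONITORS;    /* limit the range, keep the message */
    }
    return (int)count;
}

/* Builds a constructed message and returns the verdict for it. */
int demo(uint16_t count, uint16_t max_allowed, size_t sent, enum policy p)
{
    size_t len = sizeof(struct monitors_config) + sent * sizeof(struct head);
    struct monitors_config *cfg = calloc(1, len);
    if (!cfg) return -2;
    cfg->count = count;
    cfg->max_allowed = max_allowed;
    int verdict = usable_heads(cfg, len, p);
    free(cfg);
    return verdict;
}

int main(void) { return demo(300, 300, 300, POLICY_LIMIT) == 256 ? 0 : 1; }
```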

