[Spice-devel] [PATCH spice] server: don't assert on invalid client message
Uri Lublin
uril at redhat.com
Wed Jun 25 09:23:12 PDT 2014
On 06/25/2014 03:36 PM, Marc-André Lureau wrote:
> Some users have been reaching this error:
> snd_receive: ASSERT n failed
>
> A misbehaving client could easily hit that condition by sending too big
> messages. Instead of assert(), replace with a warning. When a message
> too big to fit is received, it will simply disconnect the channel.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=962187
> ---
> server/snd_worker.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/server/snd_worker.c b/server/snd_worker.c
> index 7d52ded..70148b7 100644
> --- a/server/snd_worker.c
> +++ b/server/snd_worker.c
> @@ -421,7 +421,7 @@ static void snd_receive(void* data)
> for (;;) {
> ssize_t n;
> n = channel->receive_data.end - channel->receive_data.now;
> - spice_assert(n);
> + spice_warn_if(n <= 0);
> n = reds_stream_read(channel->stream, channel->receive_data.now, n);
> if (n <= 0) {
> if (n == 0) {
Ack.
If n is 0, it will disconnect the channel and return, in following lines
not shown here.
If n < 0 (if possible), there is going to be a problem
(signed->unsigned). But that problem already exists
in the current code too.
More information about the Spice-devel
mailing list