[Spice-devel] [PATCH spice-gtk v3 1/6] display-gst: check codec type before creating decoder
Christophe Fergeau
cfergeau at redhat.com
Thu Jun 8 10:43:53 UTC 2017
On Thu, Jun 08, 2017 at 12:36:49PM +0200, Victor Toso wrote:
> > In this case, it seems the user could trigger this warning by sending
> > an invalid codec type in a SpiceMsgDisplayStreamCreate message?
>
> Wouldn't that be a bug? As client has capabilities to explicit say to
> Spice which video codecs it can handle Spice shouldn't try to create a
> video stream with unsupported video codec.
A bug in which component? I consider data coming from the network as
"user data", as a well-behaved client should not do that, but we could
be fed anything from buggy, hostile, ... clients.
If spice-server code does not enforce that the data in this message is
valid before this g_return_if_fail(), then imo the g_return_if_fail()
can be triggered by user-provided data.
Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/spice-devel/attachments/20170608/7baa30e9/attachment.sig>
More information about the Spice-devel
mailing list