[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [virt-tools-list] [PATCH virt-viewer 15/19] Hook up handling of Monitors


On Tue, Jul 17, 2012 at 4:30 PM, Christophe Fergeau <cfergeau redhat com> wrote:
> Yeah I know there are many worrying places, for new code and new protocol
> additions, it would be nice to start thinking about this...
> I'm not seeing this as a blocking issue, but this is getting more and more
> scary nonetheless...

I don't think you have reasons to be worried here. What will a browser
do if it receives a message or say an image with a gigantic size? it
will probably keep reading an decoding it, until you run out of RAM,
no? That's the same for Spice. Checking server sizes doesn't make
sense. Checking out-of-bounds of memory / array lead by a decoding
logic (no matter how deep in the code) is what we should be careful
about (think about dictionnaries, or cache etc).

There is nothing wrong in OOM if the server tells us we have 1024
maximum monitors on the guest for example, although this is very
unlikely, and that's why the code allocated the widget ahead of time,
becausein general, you won't have > 4 anyway. If really we get into
this situation, we can allocate monitors widget on-demand. But I
really don't think it's necessary here. And it's easy enough for the
guest to enable all of them at once, so that wouldn't protect against
that for example.

Marc-André Lureau

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]