Re: [PATCH spice-gtk] channel: switch to protocol 1 on error during link-time

On Mon, Dec 17, 2012 at 06:31:52AM -0500, Marc-André Lureau wrote:
> Hi
> 
> ----- Original Message -----
> > >      c->peer_msg = spice_malloc(c->peer_hdr.size);
> > >      if (c->peer_msg == NULL) {
> > > -        g_critical("invalid peer header size: %u",
> > > c->peer_hdr.size);
> > > +        g_warning("invalid peer header size: %u",
> > > c->peer_hdr.size);
> > >          goto error;
> > >      }
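Review bot: the `if (c->peer_msg == NULL)` branch is really validating the peer-supplied `c->peer_hdr.size` (its message reads "invalid peer header size"), but it does so indirectly through the return value of `spice_malloc()`, and nothing in the hunk says so. Test the size explicitly before the allocation, rejecting zero and anything above a sane upper bound, and add a comment noting that the value comes from the remote end, so the branch is not mistaken for a redundant allocation-failure check and dropped later.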
> > 
> > This whole check is not needed as spice_malloc will abort on
> > allocation failures anyway.
> > Looks good otherwise,
> > 
> 
> See 06caae141c9bf30cd5271daf6af9ea0280ba1d5b for rationale:
> 
>     do not segfault if link message header size is set to 0
>     
>     https://bugs.freedesktop.org/show_bug.cgi?id=41988

This would deserve a comment explaining why we are doing that. And it's
probably still possible to crash the client by sending -1 as the link
message header size.

Christophe


_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel
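The concern discussed in this thread, a peer-controlled header size of 0 or -1 reaching the allocator, goes away when the field is range-checked before any allocation. The following C code is an added example, not spice-gtk code and not part of the original thread: the 16-byte header layout, the "REDQ" magic, the 4096-byte cap and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout: four little-endian uint32 fields (magic, major, minor, size). */
#define LINK_HDR_LEN      16u
/* Hypothetical cap on the link message body; pick one that fits the protocol. */
#define MAX_LINK_MSG_SIZE 4096u

enum link_status { LINK_OK = 0, LINK_SHORT, LINK_BAD_MAGIC, LINK_BAD_SIZE, LINK_NOMEM };

static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the peer-supplied size before it reaches the allocator.
 * On LINK_OK, *msg is a zeroed buffer of *msg_len bytes owned by the caller. */
enum link_status link_alloc_msg(const unsigned char *hdr, size_t hdr_len,
                                unsigned char **msg, uint32_t *msg_len)
{
    *msg = NULL;
    *msg_len = 0;
    if (hdr_len < LINK_HDR_LEN)
        return LINK_SHORT;
    if (memcmp(hdr, "REDQ", 4) != 0)
        return LINK_BAD_MAGIC;

    uint32_t size = rd_le32(hdr + 12);
    /* 0 would yield no buffer; 0xFFFFFFFF (-1 as unsigned) an absurd request. */
    if (size == 0 || size > MAX_LINK_MSG_SIZE)
        return LINK_BAD_SIZE;

    *msg = calloc(1, size);
    if (*msg == NULL)
        return LINK_NOMEM;
    *msg_len = size;
    return LINK_OK;
}

/* Constructed helper for sample input: builds a header carrying the given size. */
void make_hdr(unsigned char out[LINK_HDR_LEN], uint32_t size)
{
    memset(out, 0, LINK_HDR_LEN);
    memcpy(out, "REDQ", 4);
    for (int i = 0; i < 4; i++)
        out[12 + i] = (unsigned char)(size >> (8 * i));
}
```

Both malformed sizes are rejected with a distinct status before any memory is requested, so the caller can log the bad value and drop the connection instead of depending on what the allocator does with it.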
