On Tue, Jul 17, 2012 at 2:52 PM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote: > I'm concerned about malicious payload putting a huge number there for a > nasty purpose. Moreover, is this value coming from the server, or is it > coming from the qxl driver in the guest? I don't think this is a concern here. You might worry about a lot of other parts of spice then.. In general, it can be very hard to verify integrity, and I guess we rely on lower level of the stack to do that for us. -- Marc-André Lureau
