On Tue, Jul 17, 2012 at 03:02:46PM +0200, Marc-André Lureau wrote:
> On Tue, Jul 17, 2012 at 2:52 PM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote:
> > I'm concerned about malicious payload putting a huge number there for a
> > nasty purpose. Moreover, is this value coming from the server, or is it
> > coming from the qxl driver in the guest?
> >
>
> I don't think this is a concern here. You might worry about a lot of
> other parts of spice then.. In general, it can be very hard to verify
> integrity,

I'm indeed worried about the day when someone starts actively fuzzing the
spice protocol...

> and I guess we rely on lower level of the stack to do that for us.

Except I'm not sure any part of the stack is doing this for us, is there
such a part? In this specific case, the protocol can handle an arbitrary
number of monitors as I understand it, it's the client code that cannot
handle too many monitors, so limiting the number of monitors here would
make sense. It's an issue I wanted to raise, I'm not saying this must be
fixed in this patch.

Christophe
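
The bound discussed in this message, as an added example that is not part of the original mail or of the spice code: a client-side parser that rejects a peer-supplied monitor count above its own limit, and checks it against the bytes received, before using it. The wire layout, `HEAD_SIZE`, `CLIENT_MAX_MONITORS` and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed layout (assumption, not the SPICE wire format):
 * u32 count, little-endian, followed by count records of HEAD_SIZE bytes. */
#define HEAD_SIZE 16u
#define CLIENT_MAX_MONITORS 16u   /* assumed client-side limit */

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_MANY = -2, PARSE_BAD_LENGTH = -3 };

typedef struct { uint32_t x, y, width, height; } head_t;

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Fills a fixed-size array; nothing is sized from the peer-supplied count. */
int parse_monitors(const uint8_t *buf, size_t len,
                   head_t out[CLIENT_MAX_MONITORS], uint32_t *n_out)
{
    if (len < 4)
        return PARSE_TRUNCATED;
    uint32_t count = rd32(buf);
    /* Cap first: after this, count * HEAD_SIZE cannot overflow. */
    if (count > CLIENT_MAX_MONITORS)
        return PARSE_TOO_MANY;
    /* The declared count must match the bytes actually received. */
    if (len - 4 != (size_t)count * HEAD_SIZE)
        return PARSE_BAD_LENGTH;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *r = buf + 4 + (size_t)i * HEAD_SIZE;
        out[i] = (head_t){ rd32(r), rd32(r + 4), rd32(r + 8), rd32(r + 12) };
    }
    *n_out = count;
    return PARSE_OK;
}

/* Builds a constructed message declaring `count` heads but carrying `sent`. */
int parse_sample(uint32_t count, uint32_t sent)
{
    uint8_t msg[4 + 32 * HEAD_SIZE] = {0};
    head_t heads[CLIENT_MAX_MONITORS];
    uint32_t n = 0;
    if (sent > 32)
        return PARSE_BAD_LENGTH;
    for (int i = 0; i < 4; i++)
        msg[i] = (uint8_t)(count >> (8 * i));
    return parse_monitors(msg, 4 + (size_t)sent * HEAD_SIZE, heads, &n);
}
```

Checking the cap before the length comparison is what keeps the multiplication safe on 32-bit builds, where `count * HEAD_SIZE` could otherwise wrap.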