Hi

On Tue, Jul 17, 2012 at 4:30 PM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote:
> Yeah I know there are many worrying places, for new code and new protocol
> additions, it would be nice to start thinking about this...
> I'm not seeing this as a blocking issue, but this is getting more and more
> scary nonetheless...

I don't think you have reasons to be worried here.

What will a browser do if it receives a message or, say, an image with a gigantic size? It will probably keep reading and decoding it until you run out of RAM, no? That's the same for Spice. Checking server sizes doesn't make sense.

Checking out-of-bounds of memory / array led by a decoding logic (no matter how deep in the code) is what we should be careful about (think about dictionaries, or cache etc.).

There is nothing wrong in OOM if the server tells us we have 1024 maximum monitors on the guest, for example, although this is very unlikely, and that's why the code allocated the widget ahead of time, because in general you won't have > 4 anyway. If we really get into this situation, we can allocate the monitors widget on demand. But I really don't think it's necessary here. And it's easy enough for the guest to enable all of them at once, so that wouldn't protect against that, for example.

--
Marc-André Lureau
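As an added example (not code from the Spice project or from anyone in this thread), the C decoder below shows the distinction Marc-André draws: a length the server claims is not compared against some policy ceiling, but every peer-supplied length or index is compared against the memory the client actually holds (the buffer it received, the array it indexes) before it is used. The wire layout, the `decode_cache_msg` name, the 64-slot cache and the sample messages are all assumptions constructed for this illustration.

```c
/*
 * Added example (not Spice code): bounds-checking a decoder that consumes
 * peer-supplied indices and lengths.  Wire format, names and cache size
 * are assumptions made for this illustration.
 *
 * Assumed message layout (little-endian):
 *   u16 cache_slot   index into a client-side cache
 *   u32 data_len     number of payload bytes that follow
 *   u8  data[data_len]
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CACHE_SLOTS 64          /* assumed size of the client-side cache */
#define HDR_LEN     6

enum decode_status {
    DECODE_OK = 0,
    DECODE_TRUNCATED,           /* fewer bytes present than the header claims */
    DECODE_BAD_SLOT             /* cache index outside the array */
};

struct cache_entry {
    size_t len;
    const uint8_t *data;        /* points into the received buffer */
};

static struct cache_entry cache[CACHE_SLOTS];

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode one message from buf[0..buf_len).  Each peer-supplied value is
 * validated against what the client really has before it is used as a
 * length or an index; no arbitrary "maximum size" is imposed. */
enum decode_status decode_cache_msg(const uint8_t *buf, size_t buf_len,
                                    uint16_t *slot_out)
{
    if (buf_len < HDR_LEN)
        return DECODE_TRUNCATED;

    uint16_t slot = rd16(buf);
    uint32_t data_len = rd32(buf + 2);

    /* Compare against the bytes remaining, not HDR_LEN + data_len, so the
     * sum can never overflow and wrap back inside the buffer. */
    if (data_len > buf_len - HDR_LEN)
        return DECODE_TRUNCATED;

    /* The index is the dangerous part: an unchecked slot is an arbitrary
     * out-of-bounds write into cache[]. */
    if (slot >= CACHE_SLOTS)
        return DECODE_BAD_SLOT;

    cache[slot].len = data_len;
    cache[slot].data = buf + HDR_LEN;
    if (slot_out)
        *slot_out = slot;
    return DECODE_OK;
}

/* Build a message (constructed test input) with a possibly lying length. */
size_t build_cache_msg(uint8_t *out, size_t out_cap, uint16_t slot,
                       uint32_t claimed_len, const uint8_t *data, size_t real_len)
{
    if (out_cap < HDR_LEN + real_len)
        return 0;
    out[0] = (uint8_t)slot;             out[1] = (uint8_t)(slot >> 8);
    out[2] = (uint8_t)claimed_len;      out[3] = (uint8_t)(claimed_len >> 8);
    out[4] = (uint8_t)(claimed_len >> 16); out[5] = (uint8_t)(claimed_len >> 24);
    memcpy(out + HDR_LEN, data, real_len);
    return HDR_LEN + real_len;
}

/* Three constructed scenarios: 0 = honest, 1 = huge claimed length,
 * 2 = cache index past the end of the array. */
enum decode_status run_scenario(int which)
{
    static uint8_t msg[64];           /* static so cache[] never dangles */
    static const uint8_t payload[4] = {1, 2, 3, 4};
    uint16_t slot;
    size_t n;

    if (which == 0)
        n = build_cache_msg(msg, sizeof msg, 3, 4, payload, 4);
    else if (which == 1)
        n = build_cache_msg(msg, sizeof msg, 3, 0xffffffffu, payload, 4);
    else
        n = build_cache_msg(msg, sizeof msg, 1000, 4, payload, 4);
    return decode_cache_msg(msg, n, &slot);
}

int main(void)
{
    printf("valid: %d  huge length: %d  bad slot: %d\n",
           run_scenario(0), run_scenario(1), run_scenario(2));
    return 0;
}
```

The honest message is stored, the message claiming 4 GiB of payload is rejected because only 4 bytes are actually there, and the message naming slot 1000 is rejected because the cache has 64 entries; nothing in the decoder asks whether a size is "reasonable", only whether it fits what the client holds.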