Hi

On Tue, Jul 17, 2012 at 5:09 PM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote:
> Ok, so monitors_max is a guint, the second argument to g_ptr_array_set_size
> is a gint, and the GPtrArray code doesn't seem to handle. A quick reading
> of GPtrArray code didn't make me feel confident that it would do the right
> thing when size > G_INT_MAX / sizeof(void *), which could cause a buffer
> overflow when very huge values are used (I haven't carefully checked that).

G_INT_MAX / sizeof(void *)? Where did you get the / sizeof(void*) from?

Eh, ok, so you want to check if max_monitors > G_INT_MAX.. :) A very unlikely condition that will crash the client anyway. But fine by me.

>> There is nothing wrong in OOM if the server tells us we have 1024
>> maximum monitors on the guest for example,
>
> Is this max value coming from the server, or is it the guest qxl driver
> telling the server about how many monitors it supports?

It's configured at xorg level, with the NumHeads option, defaulting to 4.

--
Marc-André Lureau