On Mon, Dec 17, 2012 at 06:31:52AM -0500, Marc-André Lureau wrote:
> Hi
>
> ----- Mensaje original -----
> > > c->peer_msg = spice_malloc(c->peer_hdr.size);
> > > if (c->peer_msg == NULL) {
> > > - g_critical("invalid peer header size: %u",
> > > c->peer_hdr.size);
> > > + g_warning("invalid peer header size: %u",
> > > c->peer_hdr.size);
> > > goto error;
> > > }
> >
> > This whole check is not needed as spice_malloc will abort on
> > allocation failures anyway.
> > Looks good otherwise,
> >
>
> See 06caae141c9bf30cd5271daf6af9ea0280ba1d5b for rationale:
>
> do not segfault if link message header size is set to 0
>
> https://bugs.freedesktop.org/show_bug.cgi?id=41988This would deserve a comment explaining why we are doing that. And it's probably still possible to crash the client by sending -1 as the link message header size. Christophe
pgpRmHrkUiYb3.pgp
Description: PGP signature
_______________________________________________ Spice-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/spice-devel
