From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NLP9O-00054P-Q9
	for qemu-devel@nongnu.org; Thu, 17 Dec 2009 17:48:50 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1NLP9J-000506-O7
	for qemu-devel@nongnu.org; Thu, 17 Dec 2009 17:48:50 -0500
Received: from [199.232.76.173] (port=52472 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NLP9J-0004zs-E3
	for qemu-devel@nongnu.org; Thu, 17 Dec 2009 17:48:45 -0500
Received: from mail-yx0-f188.google.com ([209.85.210.188]:40848)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <anthony@codemonkey.ws>) id 1NLP9I-0007f8-VM
	for qemu-devel@nongnu.org; Thu, 17 Dec 2009 17:48:45 -0500
Received: by yxe26 with SMTP id 26so2489349yxe.4
	for <qemu-devel@nongnu.org>; Thu, 17 Dec 2009 14:48:44 -0800 (PST)
Message-ID: <4B2AB549.7090209@codemonkey.ws>
Date: Thu, 17 Dec 2009 16:48:41 -0600
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
References: <adatyvp44ov.fsf@roland-alpha.cisco.com>	<4B2AB1F2.3060507@codemonkey.ws>
	<adaljh1441g.fsf@roland-alpha.cisco.com>
In-Reply-To: <adaljh1441g.fsf@roland-alpha.cisco.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] Re: [PATCH to consider for 0.12] vmware_vga: Don't
 crash on too-big DEFINE_CURSOR command
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Roland Dreier <rdreier@cisco.com>
Cc: Dave Airlie <airlied@gmail.com>, qemu-devel@nongnu.org

Roland Dreier wrote:
>  > His last patch has the same fix without the printf().  The printf is
>  > probably something to avoid since a malicious guest could create a
>  > storm of them.  Since libvirt logs stderr by default, the result could
>  > be pretty nasty.
>
> By the way, are the
>
>         fprintf(stderr, "%s: update width too large x: %d, w: %d\n",
>                         __FUNCTION__, x, w);
>
>         fprintf(stderr, "%s: update height too large y: %d, h: %d\n",
>                         __FUNCTION__, y, h);
>
> prints triggerable by a guest?  (I think so -- if so I can send a patch
> removing them if you want)
>
> How about the printf()s to stdout?  eg a guest can cause a flood of the
>
>             printf("%s: Unknown command 0x%02x in SVGA command FIFO\n",
>                             __FUNCTION__, cmd);
>
> or
>
>             printf("%s: guest runs %s.\n", __FUNCTION__,
>                             vmsvga_guest_id[value - GUEST_OS_BASE]);
>
> output if it wants pretty trivially.
>   
Yeah, that's all stuff that needs to go.

Regards,

Anthony Liguori