Message-ID: <50A0C260.70408@redhat.com>
Date: Mon, 12 Nov 2012 10:33:20 +0100
From: Gerd Hoffmann
References: <509D059F.9000809@redhat.com> <201211100045.39497.marex@denx.de>
In-Reply-To: <201211100045.39497.marex@denx.de>
Subject: Re: [Qemu-devel] [PATCH] ui/vnc.c: Fix crash with VNC
To: Marek Vasut
Cc: Gerhard Wiesinger, Peter Maydell, Anthony Liguori, qemu-devel@nongnu.org

On 11/10/12 00:45, Marek Vasut wrote:
> Dear Gerd Hoffmann,
>
>> On 11/09/12 10:50, Peter Maydell wrote:
>>> On 9 November 2012 10:42, Anthony Liguori wrote:
>>>> While the abstract discussion is fun, it never hurts to be defensive. I
>>>> agree the root cause is vmware-vga but checking in vnc doesn't hurt.
>>>
>>> Defensive programming would suggest doing the clipping in the
>>> console.c layer. That sounds a reasonable plan to me (especially
>>> if we've hit similar problems multiple times in the past).
>>
>> Fully agree, I'll cook up a patch as I'm touching that anyway.
>>
>> Question is just whether we'll go silently fixup stuff in console.c or
>> use assert()s to enforce callers getting this correct. I'd tend to use
>> assert() as vmware-vga passing bogus stuff there IMHO indicates there
>> is a bug in vmware-vga.
>
> Or rather some revisions of the guest X driver. Though it's worth investigating
> it in the right place indeed.

That too, but we must add a check to qemu nevertheless. We can't trust
the guest to not pass in bogus data, be it intentionally or by mistake.
vmware-vga must sanity check the guest input no matter what, but
validating the guest's input once should be enough.

cheers,
  Gerd
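
The split discussed in this thread, as an added example that is not part of the original message and not QEMU's code: the device model clips untrusted guest coordinates once, and the console layer asserts on what trusted callers hand it. All type and function names are hypothetical, and the sample rectangle is constructed.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types and names for illustration; not QEMU's API. */
struct rect { int x, y, w, h; };

/* Device boundary: x, y, w, h are raw guest values and untrusted.
 * Clip to a surf_w x surf_h surface; return false if nothing visible
 * remains. 64-bit math keeps x + w from wrapping before the compare. */
static bool clip_guest_rect(int32_t x, int32_t y, int32_t w, int32_t h,
                            int surf_w, int surf_h, struct rect *out)
{
    int64_t x0 = x, y0 = y;
    int64_t x1 = (int64_t)x + w, y1 = (int64_t)y + h;

    if (w <= 0 || h <= 0 || surf_w <= 0 || surf_h <= 0)
        return false;
    if (x0 < 0) x0 = 0;
    if (y0 < 0) y0 = 0;
    if (x1 > surf_w) x1 = surf_w;
    if (y1 > surf_h) y1 = surf_h;
    if (x0 >= x1 || y0 >= y1)
        return false;
    out->x = (int)x0;  out->y = (int)y0;
    out->w = (int)(x1 - x0);  out->h = (int)(y1 - y0);
    return true;
}

/* Console layer: callers are device models (trusted code), so a bad
 * rectangle here is a caller bug and trips an assert instead of being
 * silently fixed up. Returns the pixel count a front end would touch. */
static long console_update(const struct rect *r, int surf_w, int surf_h)
{
    assert(r->x >= 0 && r->y >= 0 && r->w > 0 && r->h > 0);
    assert(r->w <= surf_w - r->x && r->h <= surf_h - r->y);
    return (long)r->w * r->h;
}

int main(void)
{
    struct rect r;  /* constructed sample: update hanging off a 640x480 surface */
    if (clip_guest_rect(-10, 5, 50, 2000, 640, 480, &r))
        printf("%d,%d %dx%d -> %ld px\n", r.x, r.y, r.w, r.h,
               console_update(&r, 640, 480));
    return 0;
}
```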