qemu-devel

[Qemu-devel] Re: [PATCH to consider for 0.12] vmware_vga: Don't crash on


From: Roland Dreier
Subject: [Qemu-devel] Re: [PATCH to consider for 0.12] vmware_vga: Don't crash on too-big DEFINE_CURSOR command
Date: Thu, 17 Dec 2009 14:41:15 -0800
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux)

 > His last patch has the same fix without the printf().  The printf is
 > probably something to avoid since a malicious guest could create a
 > storm of them.  Since libvirt logs stderr by default, the result could
 > be pretty nasty.

By the way, are the

        fprintf(stderr, "%s: update width too large x: %d, w: %d\n",
                        __FUNCTION__, x, w);

        fprintf(stderr, "%s: update height too large y: %d, h: %d\n",
                        __FUNCTION__, y, h);

prints triggerable by a guest?  (I think so -- if so I can send a patch
removing them if you want)

How about the printf()s to stdout?  e.g. a guest can cause a flood of the

            printf("%s: Unknown command 0x%02x in SVGA command FIFO\n",
                            __FUNCTION__, cmd);

or

            printf("%s: guest runs %s.\n", __FUNCTION__,
                            vmsvga_guest_id[value - GUEST_OS_BASE]);

output if it wants pretty trivially.
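
The concern in this message, a guest driving unbounded prints on the host, can also be handled by bounding the output rather than deleting every diagnostic. The following is an added example, not code from this thread or from QEMU: `log_limit`, `guest_log` and `simulate_flood` are hypothetical names, and the budget of 5 lines per 1000 ms is an assumed value.

```c
/* Added example; every name here is hypothetical, none is a QEMU API. */
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>

struct log_limit {
    uint64_t window_start_ms;           /* start of the current window */
    uint32_t window_ms, burst, emitted; /* length, budget, lines written */
    uint64_t suppressed;                /* lines dropped in this window */
};

/* Returns 1 if written, 0 if suppressed; caller passes a monotonic time. */
static int guest_log(struct log_limit *l, uint64_t now_ms, FILE *out,
                     const char *fmt, ...)
{
    va_list ap;
    if (now_ms - l->window_start_ms >= l->window_ms) {
        if (l->suppressed)  /* one summary line replaces the flood */
            fprintf(out, "guest_log: %llu messages suppressed\n",
                    (unsigned long long)l->suppressed);
        l->window_start_ms = now_ms;
        l->emitted = 0;
        l->suppressed = 0;
    }
    if (l->emitted >= l->burst) {
        l->suppressed++;
        return 0;
    }
    l->emitted++;
    va_start(ap, fmt);
    vfprintf(out, fmt, ap);
    va_end(ap);
    return 1;
}

/* Constructed scenario: the guest queues n unknown commands, one per ms. */
static unsigned simulate_flood(struct log_limit *l, unsigned n, FILE *out)
{
    unsigned written = 0;
    for (unsigned i = 0; i < n; i++)
        written += guest_log(l, i, out, "%s: Unknown command 0x%02x\n",
                             __func__, i & 0xffu);
    return written;
}

int main(void)
{
    struct log_limit l = { .window_ms = 1000, .burst = 5 };
    return simulate_flood(&l, 3500, stderr) == 20 ? 0 : 1;
}
```

With this budget, 3500 guest-triggered messages produce 20 log lines plus one summary line per window, so the volume reaching a stderr log is fixed by the host rather than by the guest.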



