On 09/05/14 10:58, Gerd Hoffmann wrote: > Hi, > >> I can't track this back far enough. I'd feel safer if you checked that >> the multiplication can't overflow even in uint64_t. > > Effectively it comes from the emulated graphics hardware (anything in > hw/display/*). The gfx emulation must make sure that the framebuffer > fits into the video memory, which in turn pretty much implies that we > can't overflow uint64_t. I think even uint32_t can't overflow with the > gfx hardware we are emulating today. > >> (5) Instead, you really need to make sure that the very first >> multiplication fits in a signed int: > > Makes sense. I think it is easier to just multiply in 64bit, then check > the result is small enougth (new patch attached).
Okay, if you can guarantee that the product fits in uint64_t, then such a check would suffice. New patch has not been attached though :) > >>> /* display listener callbacks */ >>> @@ -495,7 +503,7 @@ static void interface_get_init_info(QXLInstance *sin, >>> QXLDevInitInfo *info) >>> info->num_memslots = NUM_MEMSLOTS; >>> info->num_memslots_groups = NUM_MEMSLOTS_GROUPS; >>> info->internal_groupslot_id = 0; >>> - info->qxl_ram_size = ssd->bufsize; >>> + info->qxl_ram_size = 16 * 1024 * 1024; >>> info->n_surfaces = ssd->num_surfaces; >>> } > > spice-server doesn't do anything with it, other than passing to > spice-client. Not fully sure what spice-client uses this for, maybe as > some kind of hint for resource management. Maybe not at all. > > It surely doesn't matter at all for ssd->buf size. Okay, I'll trust you on this. Thanks Laszlo
