On 18/01/2018 17:06, Thomas Huth wrote:
> On 18.01.2018 16:33, Paolo Bonzini wrote:
>> On 18/01/2018 15:50, Peter Maydell wrote:
>>> On 18 January 2018 at 14:46, Paolo Bonzini <pbonz...@redhat.com> wrote:
>>>> On 18/01/2018 15:12, Daniel P. Berrange wrote:
>>>>>> In addition to that, do we support a >= 2 GiB framebuffer at all? (Even
>>>>>> with unsigned ints, Coverity would rightly complain about a truncated
>>>>>> 32-bit multiplication being assigned to a 64-bit value).
>>>>> client_width/client_height are values that are initialized from the
>>>>> graphics card frontend config, and thus limited by amount of video
>>>>> RAM QEMU allows. bytes_per_pixel is limited to 8/16/32.
>>>>>
>>>>> So I think we're safe from 2GB overflow in any normal case.
>>>>>
>>>>> That said, VGA RAM size is configurable, so I'm curious what would happen
>>>>> if someone configured an insanely large VGA RAM and asked for a big frame
>>>>> buffer in guest.
>>>>>
>>>>> VNC is protocol limited to uint16 for width/height size, and so is X11
>>>>> so I imagine some exploding behaviour would follow :-)
>>>>
>>>> Indeed, and even 2^16 x 2^16 * 32bpp is already 34 bits. So perhaps we
>>>> should limit VNC to 16384 pixels on each axis (maximum frame buffer size
>>>> 1 GiB).
>>>
>>> Google says you can already get graphics cards that can do 15360x8640,
>>> which is really quite close to that 16384 limit...
>>
>> Then we can do 32767 * 16384 * 4, but I'm a bit afraid of off-by-ones.
>
> Simply limit it to 30000 * 20000 ?

That's too much (exceeds 2^31-1 at 32bpp), but yeah, 30720*17280 is
twice what Peter found and it's safe.

Paolo
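
Added example, not part of the original thread and not QEMU's code: the frame buffer size check discussed above, written in C, next to the truncated 32-bit multiplication that Coverity would flag. The function names are hypothetical, the 2^31-1 cap is the one named in the thread, and treating "8/16/32" as 1, 2 or 4 bytes per pixel is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; these names are not QEMU's. */

/* Cap from the thread: the size in bytes must not exceed 2^31-1. */
#define FB_MAX_BYTES ((uint64_t)INT32_MAX)

/* The flagged pattern: the product is computed in 32 bits and only
 * widened afterwards, so it has already wrapped modulo 2^32. */
static uint64_t fb_size_truncated(uint16_t w, uint16_t h, unsigned bytes_pp)
{
    uint32_t product = (uint32_t)w * h * bytes_pp;
    return product;
}

/* Widen before multiplying, then enforce the cap. Width and height are
 * uint16 (the VNC protocol limit), so the 64-bit product cannot wrap. */
static bool fb_size_checked(uint16_t w, uint16_t h, unsigned bytes_pp,
                            uint64_t *size_out)
{
    if (w == 0 || h == 0) {
        return false;
    }
    /* Assumption: 8/16/32 bits per pixel, i.e. 1, 2 or 4 bytes. */
    if (bytes_pp != 1 && bytes_pp != 2 && bytes_pp != 4) {
        return false;
    }
    uint64_t size = (uint64_t)w * h * bytes_pp;
    if (size > FB_MAX_BYTES) {
        return false;
    }
    *size_out = size;
    return true;
}

int main(void)
{
    /* Dimensions proposed in the thread, all at 4 bytes per pixel. */
    static const uint16_t dims[][2] = {
        {16384, 16384}, {32767, 16384}, {30000, 20000}, {30720, 17280},
    };
    for (size_t i = 0; i < sizeof(dims) / sizeof(dims[0]); i++) {
        uint64_t size = 0;
        bool ok = fb_size_checked(dims[i][0], dims[i][1], 4, &size);
        printf("%ux%u: %s\n", (unsigned)dims[i][0], (unsigned)dims[i][1],
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```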