| Summary: | add sanity check to avoid buffer overflow | ||
|---|---|---|---|
| Product: | Wayland | Reporter: | Boram <boram1288> |
| Component: | wayland | Assignee: | Wayland bug list <wayland-bugs> |
| Status: | RESOLVED NOTABUG | QA Contact: | |
| Severity: | critical | ||
| Priority: | medium | ||
| Version: | unspecified | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
| Attachments: | patch file to fix issue | ||
|
Description
Boram
2017-09-13 03:10:50 UTC
Hi, thanks for the patch. Patches should be sent to the wayland-devel@ mailing list as per the contribution instructions linked to from https://wayland.freedesktop.org/ . I believe the check you are adding is redundant with the checks in the callers of wl_buffer_put(): wl_connection_write() and wl_connection_queue(). Both callers first check if the 'count' bytes fit in wl_buffer_size() and if not, they force a flush that either completely empties the buffer or fails and causes an early exit from the functions. Therefore the callers ensure that either the 'count' bytes fit, or the buffer is completely empty. But I do agree that all that looks fragile. Even if the check you add seems redundant, I think it would be good to have. A sanity check, as you say. Please, re-send this patch to wayland-devel@ mailing list with a link to this bug report and the following line: Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> added to the commit message. Hi thanks for your comment. I've sent my patch to wayland-devel mailing. Patch was discussed on the list; closing this bug. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.