[PATCH wayland v2] connection: Error out if file descriptor was not received

Lubomir Rintel lkundrak at v3.sk
Sat Nov 16 05:31:03 PST 2013


Otherwise the tail of fds_in buffer would just shift beyond the beginning.
That confuses the actual request handler and results in a crash further on
due to corrupted tail.

Signed-off-by: Lubomir Rintel <lkundrak at v3.sk>
---
Changes since v1:
	Erroring out early instead of calling the request handler with invalid fd number

 src/connection.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/connection.c b/src/connection.c
index 451b93e..1d8b61b 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -744,6 +744,15 @@ wl_connection_demarshal(struct wl_connection *connection,
 			p = next;
 			break;
 		case 'h':
+			if (connection->fds_in.tail == connection->fds_in.head) {
+				printf("file descriptor expected, "
+				       "object (%d), message %s(%s)\n",
+				       closure->sender_id, message->name,
+				       message->signature);
+				errno = EINVAL;
+				goto err;
+			}
+
 			wl_buffer_copy(&connection->fds_in, &fd, sizeof fd);
 			connection->fds_in.tail += sizeof fd;
 			closure->args[i].h = fd;
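Review bot: the diagnostic added in the 'h' case is emitted with printf, so it lands on the stdout of whatever process links this library, where it can mix with the program's own output and is easy to lose; please send it to stderr or to the project's logging helper if there is one. Separately, the guard `connection->fds_in.tail == connection->fds_in.head` only catches a completely empty fd buffer, while the copy that follows reads `sizeof fd` bytes, so comparing the number of buffered bytes against `sizeof fd` would state the precondition exactly. It would also help to add a short comment above the check saying that the message signature promised an fd that never arrived in the ancillary data, since that is the condition being rejected.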
-- 
1.8.4.2


