[Wayland-bugs] [Bug 69267] New: Putting a lot of data into wl_buffer can lead to SIGSEGV

Thu Sep 12 05:04:09 PDT 2013

https://bugs.freedesktop.org/show_bug.cgi?id=69267

          Priority: medium
            Bug ID: 69267
          Assignee: wayland-bugs at lists.freedesktop.org
           Summary: Putting a lot of data into wl_buffer can lead to
                    SIGSEGV
          Severity: normal
    Classification: Unclassified
                OS: All
          Reporter: mchqwerty at gmail.com
          Hardware: Other
            Status: NEW
           Version: unspecified
         Component: wayland
           Product: Wayland

Hey,

I just were browsing the code and I discovered that in wl_buffer_put is
possible to put into buffer more than 8192 bytes at once which means that we
will use memory which doesn't belong to wl_buffer. I don't know if it's on
purpose (because I did some debugging and nowhere were passed such an amount of
bytes) but still this can be a hole.

I successfully got SIGSEGV doing this:

...
...
void *long_data = malloc(big_number)
wl_connection_write(connection, long_data, big_number);
...
...

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/wayland-bugs/attachments/20130912/a75081ba/attachment.html>