[Wayland-bugs] [Bug 751414] File descriptor leak in gdk_wayland_selection_request_target()

gtk+ (GNOME Bugzilla) bugzilla at gnome.org
Tue Jun 23 15:16:45 PDT 2015


https://bugzilla.gnome.org/show_bug.cgi?id=751414

--- Comment #1 from Michael Catanzaro <mcatanzaro at gnome.org> ---
Created attachment 305963
  --> https://bugzilla.gnome.org/attachment.cgi?id=305963&action=edit
GdkSelectionWayland: Fix file descriptor leak

I discovered that gdk_wayland_selection_request_target() does not
close() wayland_selection->stored_selection.fd before assigning a new fd
to it. A malicious Wayland client can trick a user into dragging data to
it from a GTK+ app, and then cause the GTK+ app to leak an arbitrary
number of file descriptors up to its limit by calling
wl_data_offer_receive() in a loop. This probably also works against any
GTK+ app that has placed data in the clipboard, though I didn't test
that.

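The overwrite-without-close pattern described in the comment above, reduced to a stand-alone C model. This is an added example, not the attached GTK+ patch or code from the report. `struct stored_selection`, `request_target()`, `leaked_after()` and the pipe used as a source of fresh descriptors are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for the state behind stored_selection.fd. */
struct stored_selection { int fd; };

/* Number of descriptors open in this process, probing 0..1023. */
static int count_open_fds(void)
{
    int n = 0;
    for (int fd = 0; fd < 1024; fd++)
        if (fcntl(fd, F_GETFD) != -1)
            n++;
    return n;
}

/* One request: a fresh descriptor arrives (constructed here from a pipe)
 * and is stored. With close_previous == 0 the old one is overwritten
 * while still open, which is the leak described in the report. */
static int request_target(struct stored_selection *sel, int close_previous)
{
    int p[2];
    if (pipe(p) == -1)
        return -1;              /* descriptor table exhausted */
    close(p[1]);                /* only one end is kept in this model */
    if (close_previous && sel->fd != -1)
        close(sel->fd);         /* the fix: release before reassigning */
    sel->fd = p[0];
    return 0;
}

/* Descriptors left open and unreachable after `requests` requests. */
int leaked_after(int requests, int close_previous)
{
    struct stored_selection sel = { .fd = -1 };
    int before = count_open_fds();
    for (int i = 0; i < requests; i++)
        if (request_target(&sel, close_previous) == -1)
            break;
    if (sel.fd != -1)
        close(sel.fd);          /* the one descriptor still tracked */
    return count_open_fds() - before;
}

int main(void)
{
    printf("overwrite without close: %d leaked\n", leaked_after(100, 0));
    printf("close before overwrite:  %d leaked\n", leaked_after(100, 1));
    return 0;
}
```

The same open-descriptor count, taken before and after a burst of requests, works as a regression check for this class of leak.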