[Wayland-bugs] [Bug 102690] add sanity check to avoid buffer overflow

[bugzilla-daemon at freedesktop.org]

https://bugs.freedesktop.org/show_bug.cgi?id=102690

--- Comment #1 from Pekka Paalanen <ppaalanen at gmail.com> ---
Hi,

thanks for the patch.

Patches should be sent to the wayland-devel@ mailing list as per the
contribution instructions linked to from https://wayland.freedesktop.org/ .

I believe the check you are adding is redundant with the checks in the callers
of wl_buffer_put(): wl_connection_write() and wl_connection_queue(). Both
callers first check if the 'count' bytes fit in wl_buffer_size() and if not,
they force a flush that either completely empties the buffer or fails and
causes an early exit from the functions. Therefore the callers ensure that
either the 'count' bytes fit, or the buffer is completely empty.

But I do agree that all that looks fragile.

Even if the check you add seems redundant, I think it would be good to have. A
sanity check, as you say.

Please, re-send this patch to wayland-devel@ mailing list with a link to this
bug report and the following line:

Acked-by: Pekka Paalanen <pekka.paalanen at collabora.co.uk>

added to the commit message.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/wayland-bugs/attachments/20170913/fa51b65f/attachment-0001.html>