[PATCH wayland v2] connection: Error out if file descriptor was not received
Lubomir Rintel
lkundrak at v3.sk
Sat Nov 16 05:31:03 PST 2013
Otherwise the tail of fds_in buffer would just shift beyond the beginning.
That confuses the actual request handler and results in a crash further on
due to corrupted tail.
Signed-off-by: Lubomir Rintel <lkundrak at v3.sk>
---
Changes since v1:
Erroring out early instead of calling the request handler with invalid fd number
src/connection.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/connection.c b/src/connection.c
index 451b93e..1d8b61b 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -744,6 +744,15 @@ wl_connection_demarshal(struct wl_connection *connection,
p = next;
break;
case 'h':
+ if (connection->fds_in.tail == connection->fds_in.head) {
+ printf("file descriptor expected, "
+ "object (%d), message %s(%s)\n",
+ closure->sender_id, message->name,
+ message->signature);
+ errno = EINVAL;
+ goto err;
+ }
+
wl_buffer_copy(&connection->fds_in, &fd, sizeof fd);
connection->fds_in.tail += sizeof fd;
closure->args[i].h = fd;
--
1.8.4.2
More information about the wayland-devel
mailing list