[PATCH] server: Add API to protect access to an SHM buffer

José Bollo jobol at nonadev.net
Wed Oct 2 00:24:57 PDT 2013

On dt, 2013-10-01 at 13:50 +0100, Neil Roberts wrote:
> Hi
> José Bollo <jobol at nonadev.net> writes:
> > That is a really interesting point.
> > I have two questions about it:
> >  - Is it normal that the client trucates the buffer? Is your patch
> >    designed to allow normal operations? or to allow forbiden uses?
> >  - If it is not "normal", is there good reasons to continue to 
> >    serve a nasty client?
> No, it's not normal that the client would truncate the buffer. The patch
> is effectively designed to disallow this and recover gracefully instead
> of making the compositor crash. It won't continue to serve the client
> but instead it will send it an error. 

I checked it: the error currently emitted is WL_SHM_ERROR_INVALID_FD.
That is ambiguous what can be improved. 

Then I discovered that posting errors are fatal for the
client/connection what I wasn't aware of despite the documentation
"protocol/wayland.xml". But I'm not as good in english to improve that
point of the documentation.

> The problem with truncating is
> probably only an issue if there are malicious clients. However the case
> where the client sends the wrong size to wl_shm.create_pool would be
> worth guarding against in any case because it would be quite easy for a
> buggy client to get that wrong and the compositor should really be
> robust against that.

Yeah, really needed. 

> Regards,
> - Neil

More information about the wayland-devel mailing list