[PATCH] server: Add API to protect access to an SHM buffer
jobol at nonadev.net
Wed Oct 2 00:24:57 PDT 2013
On Tue, 2013-10-01 at 13:50 +0100, Neil Roberts wrote:
> José Bollo <jobol at nonadev.net> writes:
> > That is a really interesting point.
> > I have two questions about it:
> > - Is it normal that the client truncates the buffer? Is your patch
> > designed to allow normal operations? or to allow forbidden uses?
> > - If it is not "normal", are there good reasons to continue to
> > serve a nasty client?
> No, it's not normal that the client would truncate the buffer. The patch
> is effectively designed to disallow this and recover gracefully instead
> of making the compositor crash. It won't continue to serve the client
> but instead it will send it an error.
I checked it: the error currently emitted is WL_SHM_ERROR_INVALID_FD.
That is ambiguous, which can be improved.
Then I discovered that posting an error is fatal for the
client/connection, which I wasn't aware of despite the documentation
"protocol/wayland.xml". But my English is not good enough to improve that
point of the documentation.
> The problem with truncating is
> probably only an issue if there are malicious clients. However the case
> where the client sends the wrong size to wl_shm.create_pool would be
> worth guarding against in any case because it would be quite easy for a
> buggy client to get that wrong and the compositor should really be
> robust against that.
Yeah, really needed.
> - Neil
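
Added example, not part of the original message and not libwayland code: a minimal C sketch of the wrong-size guard discussed above, comparing the size a client claims in wl_shm.create_pool with the real file size before mapping. The names check_pool_size, map_pool and make_client_fd are hypothetical, and the check is only a snapshot, so it does not catch a client that truncates the file after the pool is mapped.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes; a compositor would map these to a protocol error. */
enum pool_check { POOL_OK = 0, POOL_BAD_FD, POOL_BAD_SIZE, POOL_TOO_SMALL };

/* Compare the client's claimed pool size with what the fd really backs. */
enum pool_check check_pool_size(int fd, int32_t claimed)
{
    struct stat st;

    if (claimed <= 0)
        return POOL_BAD_SIZE;
    if (fstat(fd, &st) < 0)
        return POOL_BAD_FD;
    if (st.st_size < (off_t)claimed)
        return POOL_TOO_SMALL;   /* touching the tail would raise SIGBUS */
    return POOL_OK;
}

/* Map only when the check passes; on refusal return NULL and set *why. */
void *map_pool(int fd, int32_t claimed, enum pool_check *why)
{
    void *p;

    *why = check_pool_size(fd, claimed);
    if (*why != POOL_OK)
        return NULL;
    p = mmap(NULL, (size_t)claimed, PROT_READ, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED) { *why = POOL_BAD_FD; return NULL; }
    return p;
}

/* Constructed stand-in for a client fd: an unlinked temp file of len bytes. */
int make_client_fd(off_t len)
{
    FILE *f = tmpfile();
    int fd;

    if (!f) return -1;
    fd = dup(fileno(f));
    fclose(f);
    if (fd >= 0 && ftruncate(fd, len) < 0) { close(fd); return -1; }
    return fd;
}
```

Re-running check_pool_size after the client shrinks the file reports POOL_TOO_SMALL, but an existing mapping is not protected by that; this is the case the patch under discussion addresses.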