[PATCH] connection: Don't add uninitialized memory as 4 byte alignment padding

Jonas Ådahl jadahl at gmail.com
Wed Feb 10 15:35:44 UTC 2016

When we are adding padding bytes making our wl_buffer buffer content 4
byte aligned, we are just moving the pointer. Since the buffer is
allocated using plain malloc(), this means our padding bytes are
effectively uninitialized data, which could be anything previously
allocated in the server process. As we'll be sharing this buffer
content with arbitrary clients, we are effectively sharing private
memory with every client, and even though a well-behaving client will
discard any such memory, a malicious client may not.

Therefore, to avoid any potential misuse of the uninitialized padding
memory shared between the server and client, initialize the buffer
content to 0, making the padding bytes always 0.

Signed-off-by: Jonas Ådahl <jadahl at gmail.com>
 src/connection.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/connection.c b/src/connection.c
index 65b64e9..c0e322f 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -1137,7 +1137,7 @@ wl_closure_send(struct wl_closure *closure, struct wl_connection *connection)
 		return -1;
 	buffer_size = buffer_size_for_closure(closure);
-	buffer = malloc(buffer_size * sizeof buffer[0]);
+	buffer = zalloc(buffer_size * sizeof buffer[0]);
 	if (buffer == NULL)
 		return -1;
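Review bot: switching the allocation at `buffer = zalloc(buffer_size * sizeof buffer[0]);` zeroes the entire closure buffer rather than only the alignment padding, so every wl_closure_send() now pays for a memset of the whole buffer even though only the pad bytes following the marshalled arguments are the ones that leak; an alternative that keeps the cost proportional to the leak would be to zero just the pad bytes at the point where the marshalling code advances past them. If full-buffer zeroing is chosen deliberately for simplicity, it would help to state that trade-off in the commit message. Also, zalloc() is not declared in this hunk's context, so please confirm that connection.c already includes the header that provides it.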

More information about the wayland-devel mailing list
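To make the leak the commit message describes concrete, here is an added, constructed C example (not libwayland code, and not part of the original mail). A toy marshaller copies a NUL-terminated string into a buffer and advances to the next 4-byte boundary, exactly the pointer-bumping the message talks about. The buffer is pre-filled with a marker byte as a deterministic stand-in for whatever malloc() would hand back, and a checker counts how many padding bytes would go out on the wire non-zero. Three strategies are compared: leave the padding alone (pre-patch behaviour), explicitly memset the pad bytes, and zero the whole allocation with calloc() as the patch's zalloc() does. The names `put_string_unsafe`, `put_string_safe`, `alloc_stale` and `count_leaked_padding` are this example's own.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Round a byte count up to the next multiple of 4, as wire-format
 * arguments are padded to 32-bit words. */
static size_t align4(size_t n)
{
    return (n + 3) & ~(size_t)3;
}

/* Pre-patch behaviour: copy the string, then just move the offset past
 * the padding without writing it. Whatever the allocator left there is
 * what the client will receive. Returns the new offset. */
static size_t put_string_unsafe(uint8_t *buf, size_t off, const char *s)
{
    size_t len = strlen(s) + 1;            /* include the NUL */
    memcpy(buf + off, s, len);
    return off + align4(len);              /* padding bytes untouched */
}

/* Targeted fix: zero exactly the pad bytes that follow the string. */
static size_t put_string_safe(uint8_t *buf, size_t off, const char *s)
{
    size_t len = strlen(s) + 1;
    size_t padded = align4(len);
    memcpy(buf + off, s, len);
    memset(buf + off + len, 0, padded - len);
    return off + padded;
}

/* Stand-in for an uninitialized malloc() result: the real allocator may
 * return recycled memory, so we fill with a marker byte to make the
 * leak deterministic and observable. Constructed for this example. */
static uint8_t *alloc_stale(size_t n)
{
    uint8_t *p = malloc(n);
    if (p)
        memset(p, 0xAA, n);
    return p;
}

/* Marshal s with one of three strategies and return how many of the
 * padding bytes are non-zero afterwards (the bytes a client could read).
 *   mode 0: stale buffer + untouched padding   (the bug)
 *   mode 1: stale buffer + explicit pad zeroing (targeted fix)
 *   mode 2: calloc()'d buffer + untouched padding (the patch's zalloc approach)
 * Returns -1 on allocation failure or unknown mode. */
int count_leaked_padding(int mode, const char *s)
{
    size_t len = strlen(s) + 1;
    size_t padded = align4(len);
    uint8_t *buf;

    if (mode == 2)
        buf = calloc(1, padded);           /* what zalloc() boils down to */
    else if (mode == 0 || mode == 1)
        buf = alloc_stale(padded);
    else
        return -1;
    if (buf == NULL)
        return -1;

    if (mode == 1)
        put_string_safe(buf, 0, s);
    else
        put_string_unsafe(buf, 0, s);

    int leaked = 0;
    for (size_t i = len; i < padded; i++)
        if (buf[i] != 0)
            leaked++;
    free(buf);
    return leaked;
}

int main(void)
{
    const char *samples[] = { "", "hello", "abc" };
    for (size_t i = 0; i < 3; i++)
        printf("\"%s\": leaked pad bytes unsafe=%d safe=%d zalloc=%d\n",
               samples[i],
               count_leaked_padding(0, samples[i]),
               count_leaked_padding(1, samples[i]),
               count_leaked_padding(2, samples[i]));
    return 0;
}
```

The "abc" case is the edge where the NUL-terminated string already ends on a word boundary, so there is no padding and nothing to leak under any strategy; "hello" (6 bytes with NUL) leaks 2 stale bytes in mode 0, and the empty string leaks 3. Modes 1 and 2 both report zero, which is the property the patch is after; the difference between them is only whether the cost is proportional to the padding or to the whole buffer.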