https://bugs.freedesktop.org/show_bug.cgi?id=69267
Priority: medium
Bug ID: 69267
Assignee: [email protected]
Summary: Putting a lot of data into wl_buffer can lead to
SIGSEGV
Severity: normal
Classification: Unclassified
OS: All
Reporter: [email protected]
Hardware: Other
Status: NEW
Version: unspecified
Component: wayland
Product: Wayland
Hey,
I just were browsing the code and I discovered that in wl_buffer_put is
possible to put into buffer more than 8192 bytes at once which means that we
will use memory which doesn't belong to wl_buffer. I don't know if it's on
purpose (because I did some debugging and nowhere were passed such an amount of
bytes) but still this can be a hole.
I successfully got SIGSEGV doing this:
...
...
void *long_data = malloc(big_number)
wl_connection_write(connection, long_data, big_number);
...
...
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Wayland-bugs mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/wayland-bugs
