[Wayland-bugs] [Bug 751414] File descriptor leak in gdk_wayland_selection_request_target()

gtk+ Tue, 23 Jun 2015 15:17:22 -0700

https://bugzilla.gnome.org/show_bug.cgi?id=751414


--- Comment #1 from Michael Catanzaro <[email protected]> ---
Created attachment 305963
  --> https://bugzilla.gnome.org/attachment.cgi?id=305963&action=edit
GdkSelectionWayland: Fix file descriptor leak

I discovered that gdk_wayland_selection_request_target() does not
close() wayland_selection->stored_selection.fd before assigning a new fd
to it. A malicious Wayland client can trick a user into dragging data to
it from a GTK+ app, and then cause the GTK+ app to leak an arbitrary
number of file descriptors up to its limit by calling
wl_data_offer_receive() in a loop. This probably also works against any
GTK+ app that has placed data in the clipboard, though I didn't test
that.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

_______________________________________________
wayland-bugs mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/wayland-bugs

[Wayland-bugs] [Bug 751414] File descriptor leak in gdk_wayland_selection_request_target()

Reply via email to