Like the similar wl_log() message further into this function that was
fixed in commit 2fc248dc2c877d02694db40aad52180d71373d5a this should
be printing the sender_id saved earlier instead of *p.

Since p is incremented during the loop it would not only print an
incorrect object id, it could read past the end of the array.

Signed-off-by: Derek Foreman <der...@osg.samsung.com>
---
 src/connection.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/connection.c b/src/connection.c
index 5d5711f..294c521 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -710,7 +710,8 @@ wl_connection_demarshal(struct wl_connection *connection,
                if (arg.type != 'h' && p + 1 > end) {
                        wl_log("message too short, "
                               "object (%d), message %s(%s)\n",
-                              *p, message->name, message->signature);
+                              closure->sender_id, message->name,
+                              message->signature);
                        errno = EINVAL;
                        goto err;
                }
-- 
2.14.3

_______________________________________________
wayland-devel mailing list
wayland-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/wayland-devel

Reply via email to