AcoSail/wayland
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
ea11878d00
wayland/tests
History
Pekka Paalanen bace3cd819 connection: fix demarshal of invalid header 
The size argument to wl_connection_demarshal() is taken from the message by the
caller wl_client_connection_data(), therefore 'size' is untrusted data
controllable by a Wayland client. The size should always be at least the header
size, otherwise the header is invalid.

If the size is smaller than header size, it leads to reading past the end of
allocated memory. Furthermore if size is zero, wl_closure_init() changes
behaviour and leaves num_arrays uninitialized, leading to access of arbitrary
memory.

Check that 'size' fits at least the header. The space for arguments is already
properly checked.

This makes the request_bogus_size test free of errors under Valgrind.

Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/52

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
2019-03-13 12:39:16 +02:00
..
data tests: fix scanner private-code test reference data 2018-02-26 07:35:04 -06:00
array-test.c array-test: Include wayland-util.h and simplify init test 2016-10-18 12:24:53 +03:00
client-test.c tests: Update boilerplate from MIT X11 license to MIT Expat license 2015-06-12 15:31:24 -07:00
compositor-introspection-test.c Add a resource creation signal 2016-08-12 11:43:02 +03:00
connection-test.c connection: fix demarshal of invalid header 2019-03-13 12:39:16 +02:00
cpp-compile-test.cpp tests: C++ compilation test 2015-01-27 11:17:42 +00:00
display-test.c proto, server: Add internal server error message. (v2) 2019-01-29 15:58:19 +02:00
event-loop-test.c (multiple): Include stdint.h 2016-07-25 18:39:32 -07:00
exec-fd-leak-checker.c tests: Require base 10 for the string specifying the number of open fd's 2016-07-11 13:32:15 -07:00
fixed-benchmark.c fixed-benchmark: remove unused arguments in main 2015-07-10 17:17:46 -07:00
fixed-test.c tests: Update boilerplate from MIT X11 license to MIT Expat license 2015-06-12 15:31:24 -07:00
headers-protocol-core-test.c tests: Check for client/server-core.h inclusion 2016-05-19 14:31:18 -07:00
headers-protocol-test.c tests: Update boilerplate from MIT X11 license to MIT Expat license 2015-06-12 15:31:24 -07:00
headers-test.c tests: Update boilerplate from MIT X11 license to MIT Expat license 2015-06-12 15:31:24 -07:00
interface-test.c tests: Test wl_interface_equal 2016-11-18 16:21:19 +02:00
list-test.c tests: Add test for wl_list_length 2016-09-05 15:10:43 +03:00
map-test.c (multiple): Include stdint.h 2016-07-25 18:39:32 -07:00
message-test.c tests: Add nullable check to wl_message_count_arrays 2016-11-18 16:59:23 +02:00
newsignal-test.c server: add a safer signal type and port wl_display to it 2017-01-25 13:46:23 +02:00
os-wrappers-test.c (multiple): Include stdint.h 2016-07-25 18:39:32 -07:00
protocol-logger-test.c Add API to install protocol loggers on the server wl_display 2016-08-12 11:59:46 +03:00
queue-test.c (multiple): Include stdint.h 2016-07-25 18:39:32 -07:00
resources-test.c tests: Add free-without-remove test 2018-04-20 13:19:13 -05:00
sanity-test.c tests: Remove memory leak checking infrastructure 2018-08-29 09:59:04 +01:00
scanner-test.sh tests: add code, public-code and private-code tests 2018-02-22 13:51:50 +02:00
signal-test.c tests: Update boilerplate from MIT X11 license to MIT Expat license 2015-06-12 15:31:24 -07:00
socket-test.c tests: Overly elaborate compiler warning workaround 2018-08-29 09:59:04 +01:00
test-compositor.c tests: Remove memory leak checking infrastructure 2018-08-29 09:59:04 +01:00
test-compositor.h (multiple): Include stdint.h 2016-07-25 18:39:32 -07:00
test-helpers.c tests: disable coredumps on sanity-test 2018-03-15 14:59:24 +02:00
test-runner.c tests: Remove memory leak checking infrastructure 2018-08-29 09:59:04 +01:00
test-runner.h tests: Remove memory leak checking infrastructure 2018-08-29 09:59:04 +01:00