Google Git
Sign in
fuchsia / third_party / wayland / f5b9e3b9a1df83ec3a6d219d7c28a1ac5bc0f339
commitf5b9e3b9a1df83ec3a6d219d7c28a1ac5bc0f339[log] [tgz]
authorMichal Srb <msrb@suse.com>Tue Aug 14 13:07:52 2018 +0200
committerDerek Foreman <derek.foreman.samsung@gmail.com>Fri Aug 17 10:57:41 2018 -0500
treef16aae048d5e27635828ad1e283bb213a6b5deea
parentfde60465c3b30c9bbcfdd67622ce5539709bac40 [diff]
connection: Prevent integer overflow in DIV_ROUNDUP.

The DIV_ROUNDUP macro would overflow when trying to round values higher
than MAX_UINT32 - (a - 1). The result is 0 after the division. This is
potential security issue when demarshalling an array because the length
check is performed with the overflowed value, but then the original huge
value is stored for later use.

The issue was present only on 32bit platforms. The use of size_t in the
DIV_ROUNDUP macro already promoted everything to 64 bit size on 64 bit
systems.
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>

Style changes by Derek Foreman
1 file changed
tree: f16aae048d5e27635828ad1e283bb213a6b5deea
  1. cursor/
  2. doc/
  3. egl/
  4. m4/
  5. protocol/
  6. src/
  7. tests/
  8. .gitignore
  9. .gitlab-ci.yml
  10. autogen.sh
  11. configure.ac
  12. CONTRIBUTING.md
  13. COPYING
  14. Makefile.am
  15. publish-doc
  16. README
  17. TODO
  18. wayland-scanner.m4
  19. wayland-scanner.mk