connection: Prevent integer overflow in DIV_ROUNDUP. - wayland

diff options

author	Michal Srb <msrb@suse.com>	2018-08-14 13:07:52 +0200
committer	Derek Foreman <derek.foreman.samsung@gmail.com>	2018-08-17 10:57:41 -0500
commit	f5b9e3b9a1df83ec3a6d219d7c28a1ac5bc0f339 (patch)
tree	f16aae048d5e27635828ad1e283bb213a6b5deea /tests/cpp-compile-test.cpp
parent	configure.ac: bump to version 1.15.93 for the RC1 release (diff)
download	wayland-f5b9e3b9a1df83ec3a6d219d7c28a1ac5bc0f339.tar wayland-f5b9e3b9a1df83ec3a6d219d7c28a1ac5bc0f339.tar.gz wayland-f5b9e3b9a1df83ec3a6d219d7c28a1ac5bc0f339.tar.bz2 wayland-f5b9e3b9a1df83ec3a6d219d7c28a1ac5bc0f339.tar.lz wayland-f5b9e3b9a1df83ec3a6d219d7c28a1ac5bc0f339.tar.xz wayland-f5b9e3b9a1df83ec3a6d219d7c28a1ac5bc0f339.tar.zst wayland-f5b9e3b9a1df83ec3a6d219d7c28a1ac5bc0f339.zip

connection: Prevent integer overflow in DIV_ROUNDUP.

The DIV_ROUNDUP macro would overflow when trying to round values higher than MAX_UINT32 - (a - 1). The result is 0 after the division. This is potential security issue when demarshalling an array because the length check is performed with the overflowed value, but then the original huge value is stored for later use. The issue was present only on 32bit platforms. The use of size_t in the DIV_ROUNDUP macro already promoted everything to 64 bit size on 64 bit systems. Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com> Style changes by Derek Foreman

Diffstat (limited to 'tests/cpp-compile-test.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: