Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Buffer overread in rm2fb client #37

Open
matteodelabre opened this issue Jan 31, 2022 · 0 comments
Open

Buffer overread in rm2fb client #37

matteodelabre opened this issue Jan 31, 2022 · 0 comments
Labels
bug Something isn't working

Comments

@matteodelabre
Copy link
Owner

There is a buffer overread in the following call to msgsnd:

if (msgsnd(this->msgqueue_id, &message, sizeof(message), 0) == -1)

As per the man page, the msgsz argument (third argument) should not include the size of the mtype field, only of the data field, so currently this call will read 4 extra bytes from memory and send them to the server.

(Related to ddvk/remarkable2-framebuffer#89.)

@matteodelabre matteodelabre added the bug Something isn't working label Jan 31, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant