Open dwrobel opened 5 years ago
Copying wpe_input_axis_event to IPC::Message::messageData in the code like:
memcpy(message.messageData, &event, sizeof(event));
causes memory corruption as the size of messageData is 24 while the size of wpe_input_axis_event is 28 bytes.
Dump of relevant offsets:
(gdb) ptype /o IPC::Message
/* offset    |  size */  type = struct IPC::Message {
                             static const size_t size;
                             static const size_t dataSize;
/*    0      |     8 */    uint64_t messageCode;
/*    8      |    24 */    uint8_t messageData[24];

                           /* total size (bytes):   32 */
                         }
(gdb) ptype /o wpe_input_axis_event
/* offset    |  size */  type = struct wpe_input_axis_event {
/*    0      |     4 */    enum wpe_input_axis_event_type type;
/*    4      |     4 */    uint32_t time;
/*    8      |     4 */    int x;
/*   12      |     4 */    int y;
/*   16      |     4 */    uint32_t axis;
/*   20      |     4 */    int32_t value;
/*   24      |     4 */    uint32_t modifiers;

                           /* total size (bytes):   28 */
                         }
The fix increases the size of messageData appropriately and adds a static_assert() so that the program fails to compile rather than corrupting memory.
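As an added illustration of the guard described in this report (not the project's own code), here is a constructed stand-in for IPC::Message with messageData widened to 32 bytes and a templated encode()/decode() pair that turns an oversized payload into a compile error instead of a silent out-of-bounds memcpy; the struct layouts, the names encode/decode/roundTripAxisValue/fitsInOldBuffer and the 32-byte dataSize are assumptions for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <type_traits>

// Constructed stand-in for the 28-byte event from the gdb dump (seven 4-byte fields).
struct wpe_input_axis_event {
    uint32_t type;       // stands in for enum wpe_input_axis_event_type
    uint32_t time;
    int x;
    int y;
    uint32_t axis;
    int32_t value;
    uint32_t modifiers;
};

namespace IPC {
// Hypothetical message layout: dataSize raised from 24 to 32 so the event fits.
struct Message {
    static constexpr size_t dataSize = 32;
    uint64_t messageCode;
    uint8_t messageData[dataSize];

    // Compile-time guard: a payload larger than messageData is a build error.
    template <typename T>
    void encode(uint64_t code, const T& payload) {
        static_assert(std::is_trivially_copyable<T>::value, "payload must be trivially copyable");
        static_assert(sizeof(T) <= dataSize, "payload does not fit in IPC::Message::messageData");
        messageCode = code;
        std::memset(messageData, 0, dataSize);
        std::memcpy(messageData, &payload, sizeof(T));
    }

    template <typename T>
    T decode() const {
        static_assert(sizeof(T) <= dataSize, "payload does not fit in IPC::Message::messageData");
        T out;
        std::memcpy(&out, messageData, sizeof(T));
        return out;
    }
};
}  // namespace IPC

// Round-trips an axis event through a message and returns the decoded value field.
int32_t roundTripAxisValue(int32_t value) {
    wpe_input_axis_event ev = {};
    ev.axis = 1;
    ev.value = value;
    IPC::Message msg;
    msg.encode<wpe_input_axis_event>(7, ev);
    return msg.decode<wpe_input_axis_event>().value;
}

// True if a payload of this size would have fit the old 24-byte buffer.
constexpr bool fitsInOldBuffer(size_t payloadSize) { return payloadSize <= 24; }
```

Swapping dataSize back to 24 makes encode<wpe_input_axis_event>() fail to compile, which is the behaviour the reported fix relies on.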
@dwrobel, is this still needed with the current master?
I'm sorry, I can't tell you as I'm not working on that any longer.