ddvk / remarkable2-framebuffer

remarkable2 framebuffer reversing
MIT License

Fix buffer overread and overrun in ipc #89

Closed matteodelabre closed 2 years ago

matteodelabre commented 2 years ago

Calls to msgsnd and msgrcv had an incorrect msgsz argument that was consistently 4 bytes too long (it should not include the size of the mtype field, as per the man page). This resulted in a buffer overread in the case of msgsnd and overrun in the case of msgrcv.

Other implementations of rm2fb clients may also need to be fixed (libremarkable, vnsee, waved). With this PR, the messages sent by bogus clients that include 4 extra garbage bytes will still be accepted, but truncated to fit in the actual structure, so as to preserve compatibility until those clients are fixed.

Tested on rM2 2.11.0.442 with the following client apps: vnsee, appmarkable, harmony, calculator, koreader (made sure that those apps start and can send updates to the server successfully).
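The msgsz mistake described above, as an added example that is not code from this PR or from rm2fb: the message layout is a constructed rm2fb-style struct, and receiving with MSG_NOERROR is one way to get the "accept but truncate" behaviour for legacy clients, an assumption about the fix rather than the PR's own code.

```c
#include <errno.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/types.h>

/* Constructed rm2fb-style update message: System V routes on mtype, and
 * only the bytes AFTER it count towards msgsz (see msgsnd(2)/msgrcv(2)). */
struct update_msg {
    long mtype;
    struct { int x, y, w, h, waveform; } body;   /* hypothetical payload */
};

#define PAYLOAD_SIZE (sizeof(struct update_msg) - sizeof(long)) /* correct */
#define BUGGY_SIZE   (sizeof(struct update_msg)) /* sizeof(long) too many: 4 on the rM2's 32-bit ARM */

/* Sends one message with the client's chosen msgsz, then receives it with the
 * correct msgsz. With tolerate_legacy set, MSG_NOERROR drops the extra bytes a
 * buggy client appended instead of failing with E2BIG.
 * Returns bytes received, -1 if no queue is available, -2 on send/recv error,
 * -3 when the oversized message was rejected with E2BIG. */
long roundtrip(size_t send_sz, int tolerate_legacy)
{
    int qid = msgget(IPC_PRIVATE, IPC_CREAT | 0600);
    if (qid < 0)
        return -1;

    /* Client-side buffer padded with 0xAA marker bytes so that a buggy msgsz
     * reads markers here rather than overreading past the real struct. */
    union { struct update_msg m; unsigned char raw[sizeof(struct update_msg) + sizeof(long)]; } wire;
    memset(wire.raw, 0xAA, sizeof wire.raw);
    wire.m.mtype = 1;
    wire.m.body.x = 10; wire.m.body.y = 20; wire.m.body.w = 300; wire.m.body.h = 400;
    wire.m.body.waveform = 2;

    long rc = -2;
    if (msgsnd(qid, &wire.m, send_sz, 0) == 0) {
        struct update_msg in;   /* exactly one struct: a too-large msgsz would overrun it */
        memset(&in, 0, sizeof in);
        ssize_t n = msgrcv(qid, &in, PAYLOAD_SIZE, 0, tolerate_legacy ? MSG_NOERROR : 0);
        if (n < 0)
            rc = (errno == E2BIG) ? -3 : -2;
        else if (in.body.w == 300 && in.body.waveform == 2)
            rc = (long)n;
    }
    msgctl(qid, IPC_RMID, NULL);   /* always remove the private queue */
    return rc;
}
```

A correct client and a legacy client (BUGGY_SIZE) both yield PAYLOAD_SIZE bytes at the server when truncation is tolerated; without it the legacy message is rejected with E2BIG.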