• Hanno Böck's avatar
    main: fix heap overflow in dbus-launch wrapping · 634ab70d
    Hanno Böck authored
    I have discovered a heap overflow with the help of an address sanitizer.
    
    The require_dbus_session() function has this code:
    
            new_argv = g_malloc (argc + 3 * sizeof (*argv));
    
    The intention is to allocate space for (argc + 3) pointers. However obviously a
    parenthesis is missing, therefore only argc bytes + 3 * pointer size gets
    allocated, which is insufficient space. This leads to invalid memory writes.
    
    The fix is trivial: Parentheses around argc + 3.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=768441
    634ab70d
Name
Last commit
Last update
..
Makefile.am Loading commit data...
README Loading commit data...
gdm-log.c Loading commit data...
gdm-log.h Loading commit data...
gnome-session.in Loading commit data...
gsm-app.c Loading commit data...
gsm-app.h Loading commit data...
gsm-autostart-app.c Loading commit data...
gsm-autostart-app.h Loading commit data...
gsm-client.c Loading commit data...
gsm-client.h Loading commit data...
gsm-consolekit.c Loading commit data...
gsm-consolekit.h Loading commit data...
gsm-dbus-client.c Loading commit data...
gsm-dbus-client.h Loading commit data...
gsm-fail-whale-dialog.c Loading commit data...
gsm-fail-whale-dialog.h Loading commit data...
gsm-fail-whale.c Loading commit data...
gsm-fail-whale.h Loading commit data...
gsm-icon-names.h Loading commit data...
gsm-inhibitor-flag.h Loading commit data...
gsm-inhibitor.c Loading commit data...
gsm-inhibitor.h Loading commit data...
gsm-manager-logout-mode.h Loading commit data...
gsm-manager.c Loading commit data...
gsm-manager.h Loading commit data...
gsm-presence-flag.h Loading commit data...
gsm-presence.c Loading commit data...
gsm-presence.h Loading commit data...
gsm-process-helper.c Loading commit data...
gsm-process-helper.h Loading commit data...
gsm-session-fill.c Loading commit data...
gsm-session-fill.h Loading commit data...
gsm-session-save.c Loading commit data...
gsm-session-save.h Loading commit data...
gsm-shell-extensions.c Loading commit data...
gsm-shell-extensions.h Loading commit data...
gsm-shell.c Loading commit data...
gsm-shell.h Loading commit data...
gsm-store.c Loading commit data...
gsm-store.h Loading commit data...
gsm-system.c Loading commit data...
gsm-system.h Loading commit data...
gsm-systemd.c Loading commit data...
gsm-systemd.h Loading commit data...
gsm-util.c Loading commit data...
gsm-util.h Loading commit data...
gsm-xsmp-client.c Loading commit data...
gsm-xsmp-client.h Loading commit data...
gsm-xsmp-server.c Loading commit data...
gsm-xsmp-server.h Loading commit data...
main.c Loading commit data...
org.gnome.SessionManager.App.xml Loading commit data...
org.gnome.SessionManager.Client.xml Loading commit data...
org.gnome.SessionManager.ClientPrivate.xml Loading commit data...
org.gnome.SessionManager.Inhibitor.xml Loading commit data...
org.gnome.SessionManager.Presence.xml Loading commit data...
org.gnome.SessionManager.xml Loading commit data...
test-client-dbus.c Loading commit data...
test-inhibit.c Loading commit data...
test-process-helper.c Loading commit data...