On Thu, Apr 17, 2014 at 06:20:37PM +0300, Ander Conselvan de Oliveira wrote:
> From: Ander Conselvan de Oliveira
>
> If a message was too big to fit in the connection buffer, the code
> in wl_buffer_put would just write past the end of it.
>
> I haven't seen any real world use case that would tr
On Apr 17, 2014 10:37 AM, "Hardening" wrote:
>
> Le 17/04/2014 17:20, Ander Conselvan de Oliveira a écrit :
>
>> From: Ander Conselvan de Oliveira
>>
>> If a message was too big to fit in the connection buffer, the code
>> in wl_buffer_put would just write past the end of it.
>>
>> I haven't seen
Le 17/04/2014 17:20, Ander Conselvan de Oliveira a écrit :
From: Ander Conselvan de Oliveira
If a message was too big to fit in the connection buffer, the code
in wl_buffer_put would just write past the end of it.
I haven't seen any real world use case that would trigger this bug, but
it was p
On Thu, Apr 17, 2014 at 11:20 AM, Ander Conselvan de Oliveira <
conselv...@gmail.com> wrote:
> From: Ander Conselvan de Oliveira
>
> If a message was too big to fit in the connection buffer, the code
> in wl_buffer_put would just write past the end of it.
>
> I haven't seen any real world use cas
From: Ander Conselvan de Oliveira
If a message was too big to fit in the connection buffer, the code
in wl_buffer_put would just write past the end of it.
I haven't seen any real world use case that would trigger this bug, but
it was possible to trigger it by sending a long enough string to the
