mirror of https://github.com/gnif/LookingGlass.git synced 2025-05-05 14:11:13 +00:00

Go to file

Tudor Brindus 8982493239 [client] clipboard: fix heap-buffer overflow in clipboardRequest

=================================================================
==7680==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000ec010 at pc 0x5622fcf9f386 bp 0x7f36084ff680 sp 0x7f36084ff678
WRITE of size 4 at 0x6020000ec010 thread T1
    #0 0x5622fcf9f385 in clipboardRequest /code/LookingGlass/client/src/main.c:707
    #1 0x5622fd0036c9 in wayland_cb_notice /code/LookingGlass/client/clipboards/Wayland/src/wayland.c:521
    #2 0x5622fcf9f4dc in spiceClipboardNotice /code/LookingGlass/client/src/main.c:724
    #3 0x5622fcfc4d59 in spice_agent_process /code/LookingGlass/repos/PureSpice/src/spice.c:1106
    #4 0x5622fcfc16d6 in spice_on_main_channel_read /code/LookingGlass/repos/PureSpice/src/spice.c:655
    #5 0x5622fcfbee4f in spice_process /code/LookingGlass/repos/PureSpice/src/spice.c:361
    #6 0x5622fcf9e3a2 in spiceThread /code/LookingGlass/client/src/main.c:598
    #7 0x5622fd006b5e in threadWrapper /code/LookingGlass/common/src/platform/linux/thread.c:39
    #8 0x7f3614b2bf26 in start_thread /build/glibc-WZtAaN/glibc-2.30/nptl/pthread_create.c:479
    #9 0x7f3614a4c2ee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfd2ee)

0x6020000ec011 is located 0 bytes to the right of 1-byte region [0x6020000ec010,0x6020000ec011)
allocated by thread T1 here:
    #0 0x7f36156f9628 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x107628)
    #1 0x5622fcf9f33f in clipboardRequest /code/LookingGlass/client/src/main.c:705
    #2 0x5622fd0036c9 in wayland_cb_notice /code/LookingGlass/client/clipboards/Wayland/src/wayland.c:521
    #3 0x5622fcf9f4dc in spiceClipboardNotice /code/LookingGlass/client/src/main.c:724
    #4 0x5622fcfc4d59 in spice_agent_process /code/LookingGlass/repos/PureSpice/src/spice.c:1106
    #5 0x5622fcfc16d6 in spice_on_main_channel_read /code/LookingGlass/repos/PureSpice/src/spice.c:655
    #6 0x5622fcfbee4f in spice_process /code/LookingGlass/repos/PureSpice/src/spice.c:361
    #7 0x5622fcf9e3a2 in spiceThread /code/LookingGlass/client/src/main.c:598
    #8 0x5622fd006b5e in threadWrapper /code/LookingGlass/common/src/platform/linux/thread.c:39
    #9 0x7f3614b2bf26 in start_thread /build/glibc-WZtAaN/glibc-2.30/nptl/pthread_create.c:479

Thread T1 created by T0 here:
    #0 0x7f361562b9b2 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x399b2)
    #1 0x5622fd006cd0 in lgCreateThread /code/LookingGlass/common/src/platform/linux/thread.c:50
    #2 0x5622fcfa5a7d in lg_run /code/LookingGlass/client/src/main.c:1615
    #3 0x5622fcface28 in main /code/LookingGlass/client/src/main.c:2035
    #4 0x7f3614975e0a in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-buffer-overflow /code/LookingGlass/client/src/main.c:707 in clipboardRequest
Shadow bytes around the buggy address:
  0x0c04800157b0: fa fa 00 00 fa fa fd fa fa fa fd fa fa fa fd fd
  0x0c04800157c0: fa fa fd fd fa fa fd fa fa fa 00 fa fa fa 00 fa
  0x0c04800157d0: fa fa 00 fa fa fa fd fa fa fa fd fd fa fa fa fa
  0x0c04800157e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c04800157f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0480015800: fa fa[01]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480015810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480015820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480015830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480015840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0480015850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==7680==ABORTING

2021-01-10 14:52:58 +11:00

.github

[all] updated issue template and readme in preperation for B2

2020-10-08 20:04:52 +11:00

client

[client] clipboard: fix heap-buffer overflow in clipboardRequest

2021-01-10 14:52:58 +11:00

common

[common] linux: stop event signals accumulating after they are serviced

2021-01-08 01:18:02 +11:00

contrib/redhat

[meta] Add SELinux policy

2017-12-14 22:22:44 +11:00

host

[host] use the HotSpot information as provided by DXGI

2021-01-05 20:55:39 +11:00

module

[module] bump the version

2021-01-03 23:42:43 +11:00

obs

[all] added new format version field to frame header

2020-10-12 18:52:37 +11:00

profile

[profiler] client: updated to use new lgmp API and path

2020-05-19 11:37:44 +10:00

repos

[client] updated the PureSpice submodule

2021-01-08 08:54:27 +11:00

resources

[all] made a nicer icon, hopefully just a placeholder for now

2019-05-30 22:21:53 +10:00

vendor

[c-host] windows: update ivshmem driver header and usage

2019-10-24 19:46:09 +11:00

.gitattributes

[git] added vcxproj files to crlf exceptions

2017-10-31 20:19:52 +11:00

.gitignore

[obs] implemented intial OBS Looking Glass Client plugin

2020-01-10 18:14:08 +11:00

.gitmodules

[client] moved spice into a seperate repository

2020-01-31 21:39:57 +11:00

CONTRIBUTORS

Fixed typo in word wish

2018-05-31 13:28:36 +10:00

LICENSE

added licensing to sources

2017-10-31 19:07:16 +11:00

README.md

[doc] update Looking Glass website in README.md

2021-01-01 12:12:07 +11:00

version.cmake

[cmake] remove --long from version.cmake

2021-01-01 12:10:35 +11:00

README.md

Looking Glass

An extremely low latency KVMFR (KVM FrameRelay) implementation for guests with VGA PCI Passthrough.

Project Website: https://looking-glass.io
Getting Started: https://looking-glass.io/wiki/Installation

Donations

I (Geoffrey McRae) am the primary developer behind this project and I have invested thousands of hours of development time into it.

If you like this project and find it useful and would like to help out you can support me directly using the following platforms.

GitHub
Ko-Fi
Patreon
Paypal
BTC - 14ZFcYjsKPiVreHqcaekvHGL846u3ZuT13

Documentation

** IMPORTANT ** This project contains submodules that must be checked out if building from the git repository! If you are not a developer and just want to compile Looking Glass please download the source archive from the website instead:

https://looking-glass.io/downloads

Please also be sure to see the following files for more information Note: The README.md files are slowly being deprecated from this project in favor of the wiki at https://looking-glass.io/wiki, and as such the information in these files may be dated.