diff options
author | Brian Gianforcaro <bgianf@serenityos.org> | 2022-03-13 20:07:31 -0700 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2022-03-14 22:30:22 +0100 |
commit | c0ed656c94ffa11e1949ed2e4cc68469aa0d0cd0 (patch) | |
tree | 07f2e08b8ed3f01a57eecb2583b6e283fc32d741 /Kernel/GlobalProcessExposed.cpp | |
parent | af50895fa316129b0bf37a4b8f9810b6bc365804 (diff) | |
download | serenity-c0ed656c94ffa11e1949ed2e4cc68469aa0d0cd0.zip |
Kernel: Fix buffer overflow in VirtIOGPU create_3d_resource(..)
This code attempts to copy the `Protocol::Resource3DSpecification`
struct into request, starting at `Protocol::ResourceCreate3D::target`
member of the `Protocol::ResourceCreate3D` struct.
The problem is that the `Protocol::Resource3DSpecification` struct
does not having the trailing `u32 padding` that the `ResourceCreate3D`
struct has. Leading to memcopy overrunning the struct and corrupting
32 bits of data trailing the struct.
Found by SonarCloud:
- Memory copy function overflows the destination buffer.
Diffstat (limited to 'Kernel/GlobalProcessExposed.cpp')
0 files changed, 0 insertions, 0 deletions