Commit f7fdface authored by Michal Srb's avatar Michal Srb Committed by Derek Foreman

connection: Prevent pointer overflow from large lengths.

If the remote side sends sufficiently large `length` field, it will
overflow the `p` pointer. Technically it is undefined behavior, in
practice it makes `p < end`, so the length check passes. Attempts to
access the data later causes crashes.

This issue manifests only on 32bit systems, but the behavior is
undefined everywhere.
Reviewed-by: Pekka Paalanen's avatarPekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Derek Foreman's avatarDerek Foreman <derek.foreman.samsung@gmail.com>
parent f5b9e3b9
Pipeline #3307 passed with stage
in 2 minutes and 44 seconds