Hi, sorry for the long delay. I rewrote it using a different method. IMO it is cleaner now too.
There were two kinds of overflows - integer overflow when rounding the length and pointer/integer overflow when adding the length to the `p`. So I split it into two patches + one with tests.

Michal Srb (3):
  tests: Demarshalling of very long array/string lengths.
  connection: Prevent integer overflow in DIV_ROUNDUP.
  connection: Prevent pointer overflow from large lengths.

 src/connection.c        | 31 +++++++++++++++++++------------
 tests/connection-test.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 65 insertions(+), 12 deletions(-)

-- 
2.16.4
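The two overflow classes named in the cover letter, as an added C example that is not code from the patch series. All function names are hypothetical, and the pointer check is modelled with 32-bit integer addresses (an assumption) so the wraparound is deterministic and no undefined pointer arithmetic is executed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names here are hypothetical; this is not the Wayland source. */

/* Naive round-up to 32-bit words: n + 3 wraps for n >= 0xfffffffd. */
static uint32_t words_naive(uint32_t n)
{
    return (n + 3u) / 4u;
}

/* Widen to 64 bits before adding, so the sum cannot wrap. */
static uint32_t words_safe(uint32_t n)
{
    return (uint32_t)(((uint64_t)n + 3u) / 4u);
}

/* Flawed bounds check on modelled 32-bit addresses: p + 4*words can wrap
 * and land below end, so an oversized length is accepted. */
static int fits_naive(uint32_t p, uint32_t end, uint32_t words)
{
    uint32_t next = p + words * 4u;
    return next <= end;
}

/* Compare against the space that is left instead of forming p + length. */
static int fits_safe(uint32_t p, uint32_t end, uint32_t words)
{
    return p <= end && words <= (end - p) / 4u;
}

/* Payload size in words for a length prefix, or -1 if it does not fit. */
static long payload_words(uint32_t length, size_t words_left)
{
    uint32_t w = words_safe(length);
    return w <= words_left ? (long)w : -1;
}

int main(void)
{
    uint32_t p = 0xfff00000u, end = 0xfff00100u; /* constructed addresses */
    printf("naive words(0xffffffff) = %u\n", (unsigned)words_naive(0xffffffffu));
    printf("safe  words(0xffffffff) = %u\n", (unsigned)words_safe(0xffffffffu));
    printf("naive fits = %d, safe fits = %d\n",
           fits_naive(p, end, 0x3fffffffu), fits_safe(p, end, 0x3fffffffu));
    printf("payload_words = %ld\n", payload_words(0xffffffffu, 16));
    return 0;
}
```

With the naive rounding, a length of 0xffffffff rounds to zero words and would pass any later size check, which is why the rounding and the bounds comparison each need their own fix.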