Mir

Comment 0 for bug 1320187

Alexandros Frantzis (afrantzis) wrote : Hardcoded size for serialization buffers is not reliable nor secure

At various points in the code we are using a hardcoded size for the buffers we serialize our protobuf messages into. We are making the assumption that messages are always smaller than our hardcoded size (currently 2KiB), but that is not correct. There are at least some protobuf messages that are unbounded.

We can see this problem cause a failure when running under VMware where the display configuration is large due to an abundance of displays and supported modes.

Marking this as critical since the bug also has potential security implications.
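
The sizing problem described in the report, as an added example that is not part of the original comment and is not Mir's code: the encoded size is computed from the message first and the buffer is allocated from it, so a configuration with many displays and modes cannot exceed a fixed 2KiB assumption. The `Mode`/`Output` structs, the tag-less varint encoding and `sample_config` are constructed stand-ins for a protobuf display configuration message.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed stand-in for a display configuration message (not Mir's schema).
struct Mode { uint32_t width, height, refresh_mhz; };
struct Output { uint32_t id; std::vector<Mode> modes; };
constexpr std::size_t fixed_buffer_size = 2048;  // the 2KiB assumption from the report
// Protobuf-style base-128 varint: 7 payload bits per byte.
std::size_t varint_size(uint64_t v) {
    std::size_t n = 1;
    for (; v >= 0x80; v >>= 7) ++n;
    return n;
}
void put_varint(std::vector<uint8_t>& out, uint64_t v) {
    for (; v >= 0x80; v >>= 7) out.push_back(static_cast<uint8_t>(v | 0x80));
    out.push_back(static_cast<uint8_t>(v));
}
// Exact encoded size, computed before any byte is written.
std::size_t encoded_size(std::vector<Output> const& cfg) {
    std::size_t n = varint_size(cfg.size());
    for (auto const& o : cfg) {
        n += varint_size(o.id) + varint_size(o.modes.size());
        for (auto const& m : o.modes)
            n += varint_size(m.width) + varint_size(m.height) + varint_size(m.refresh_mhz);
    }
    return n;
}

// The buffer is sized from the message, so more outputs or modes cannot overrun it.
std::vector<uint8_t> serialize(std::vector<Output> const& cfg) {
    std::vector<uint8_t> out;
    out.reserve(encoded_size(cfg));
    put_varint(out, cfg.size());
    for (auto const& o : cfg) {
        put_varint(out, o.id); put_varint(out, o.modes.size());
        for (auto const& m : o.modes) {
            put_varint(out, m.width); put_varint(out, m.height); put_varint(out, m.refresh_mhz);
        }
    }
    return out;
}
// Constructed sample: `outputs` displays, each advertising `modes` identical modes.
std::vector<Output> sample_config(uint32_t outputs, uint32_t modes) {
    std::vector<Output> cfg(outputs);
    for (uint32_t i = 0; i < outputs; ++i)
        cfg[i] = Output{i, std::vector<Mode>(modes, Mode{1920, 1080, 60000})};
    return cfg;
}
```

With the protobuf C++ library, the same size-first step is a call to the message's `ByteSizeLong()` before the buffer is allocated.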