summaryrefslogblamecommitdiff
path: root/user/tigervnc/0001-CSecurityTLS-Use-size_t-as-argument-for-new.patch
blob: 1c608048c2c47c56d80b1188c42c66502f3de4a7 (plain) (tree)

































































                                                                                                                                                                                                         
From 065a471d16636c3fba5da8aed86ffa30dcfd489b Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Wed, 20 Mar 2019 13:22:51 -0500
Subject: [PATCH 1/2] CSecurityTLS: Use size_t as argument for new
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Using an 'int' is invalid, and produces the following output under GCC 8.3.0:

tigervnc-1.9.0/common/rfb/CSecurityTLS.cxx: In member function ‘void rfb::CSecurityTLS::checkSession()’:
tigervnc-1.9.0/common/rfb/CSecurityTLS.cxx:384:11: error: specified bound range [18446744071562067968, 18446744073709551615] exceeds ‘INT_MAX’ [-Werror=format-truncation=]
   snprintf(certinfo, len, "This certificate has been signed by an unknown "
   ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                           "authority:\n\n%s\n\nDo you want to save it and "
                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                           "continue? ", info.data);
                           ~~~~~~~~~~~~~~~~~~~~~~~~
tigervnc-1.9.0/common/rfb/CSecurityTLS.cxx:380:26: error: argument 1 range [18446744071562067968, 18446744073709551615] exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=]
   certinfo = new char[len];
                          ^
In file included from /usr/include/c++/8.3.0/ext/new_allocator.h:33,
                 from /usr/include/c++/8.3.0/powerpc64-foxkit-linux-musl/bits/c++allocator.h:33,
                 from /usr/include/c++/8.3.0/bits/allocator.h:46,
                 from /usr/include/c++/8.3.0/bits/stl_tree.h:64,
                 from /usr/include/c++/8.3.0/set:60,
                 from tigervnc-1.9.0/common/rfb/ConnParams.h:26,
                 from tigervnc-1.9.0/common/rfb/SMsgHandler.h:28,
                 from tigervnc-1.9.0/common/rfb/SConnection.h:29,
                 from tigervnc-1.9.0/common/rfb/SSecurity.h:47,
                 from tigervnc-1.9.0/common/rfb/SSecurityStack.h:23,
                 from tigervnc-1.9.0/common/rfb/SSecurityVeNCrypt.h:32,
                 from tigervnc-1.9.0/common/rfb/CSecurityTLS.h:34,
                 from tigervnc-1.9.0/common/rfb/CSecurityTLS.cxx:36:
/usr/include/c++/8.3.0/new:122:7: note: in a call to allocation function ‘void* operator new [](std::size_t)’ declared here
 void* operator new[](std::size_t) _GLIBCXX_THROW (std::bad_alloc)
       ^~~~~~~~
---
 common/rfb/CSecurityTLS.cxx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index c6d1e310..235df45d 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -383,7 +383,7 @@ void CSecurityTLS::checkSession()
   size_t out_size = 0;
   char *out_buf = NULL;
   char *certinfo = NULL;
-  int len = 0;
+  size_t len = 0;
 
   vlog.debug("certificate issuer unknown");
 
@@ -403,7 +403,7 @@ void CSecurityTLS::checkSession()
                           "authority:\n\n%s\n\nDo you want to save it and "
                           "continue? ", info.data);
 
-  for (int i = 0; i < len - 1; i++)
+  for (size_t i = 0; i < len - 1; i++)
     if (certinfo[i] == ',' && certinfo[i + 1] == ' ')
       certinfo[i] = '\n';
 
-- 
2.19.2