Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent double free by crafted fences. #438

Merged
merged 1 commit into from Mar 29, 2017

Conversation

michalsrb
Copy link
Contributor

If client sent fence with some data, followed by fence with no data (length 0), the original fence data were freed, but the pointer kept pointing at them. Sending one more fence would attempt to free them again.

fixes #437

If client sent fence with some data, followed by fence with no data (length 0), the original fence data were freed, but the pointer kept pointing at them. Sending one more fence would attempt to free them again.
@CendioOssman CendioOssman merged commit f3afa24 into TigerVNC:master Mar 29, 2017
@michalsrb michalsrb deleted the fix-double-free-fences branch March 29, 2017 13:05
@carnil
Copy link

carnil commented Apr 1, 2017

This has been assigned CVE-2017-7393

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Double free in server caused by fences
3 participants