Fix buffer overread and overrun in ipc #89
Merged
Calls to msgsnd and msgrcv had an incorrect msgsz argument that was
consistently 4 bytes too long (it should not include the size of the
mtype field, as per the man page). This resulted in a buffer overread in
the case of msgsnd and overrun in the case of msgrcv.
Other implementations of rm2fb clients may also need to be fixed
(libremarkable, vnsee, waved). With this PR, the messages sent by bogus
clients that include 4 extra garbage bytes will still be accepted, but
truncated to fit in the actual structure, so as to preserve
compatibility until those clients are fixed.
Tested on rM2 2.11.0.442 with the following client apps: vnsee,
appmarkable, harmony, calculator, koreader (made sure that those apps
start and can send updates to the server successfully).
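The msgsz rule the PR description relies on, as an added example in C (it is not code from this PR or from rm2fb, and the `update_msg` struct with its `mdata` fields, `UPDATE_MTYPE`, `accept_payload_len` and `roundtrip` are assumptions made for illustration). It computes the correct msgsz as the struct size minus the `mtype` field, shows the buggy whole-struct value beside it, and models the server-side tolerance described above: the receive buffer carries `sizeof(long)` bytes of slack so a message from an unfixed client fits, and the extra bytes are truncated rather than overrunning the real struct.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/types.h>

/* Assumed, simplified update message (not rm2fb's real struct). The
 * kernel consumes mtype; only the bytes after it count toward msgsz. */
struct update_msg {
    long mtype;
    struct {
        int x, y, w, h;
        int waveform;
        int flags;
    } mdata;
};

#define UPDATE_MTYPE 1L

/* Correct msgsz: the payload only, excluding mtype, as msgsnd(2)/msgrcv(2) specify. */
size_t update_msgsz(void) { return sizeof(struct update_msg) - sizeof(long); }

/* The buggy computation described in the PR: the whole struct, which is
 * sizeof(long) bytes too long (4 bytes on the rM2's 32-bit ARM). */
size_t buggy_msgsz(void) { return sizeof(struct update_msg); }

/* Receive buffer with slack so a message from an unfixed client (payload
 * plus sizeof(long) garbage bytes) fits without E2BIG and can then be
 * truncated instead of overrunning the real struct. */
struct update_rcvbuf {
    struct update_msg msg;
    char slack[sizeof(long)];
};

/* Server-side acceptance: the exact size, or the legacy oversize which is
 * truncated to the real payload. Returns payload bytes to keep, 0 = reject. */
size_t accept_payload_len(ssize_t received) {
    if (received < 0) return 0;
    if ((size_t)received == update_msgsz()) return update_msgsz();
    if ((size_t)received == update_msgsz() + sizeof(long)) return update_msgsz();
    return 0;
}

/* Round trip through a private queue, as a fixed client (legacy_sender == 0)
 * or an unfixed one. Returns 1 if the server accepts and the payload matches,
 * 0 if the server would reject, -1 if SysV queues are unavailable here. */
int roundtrip(int legacy_sender) {
    int qid = msgget(IPC_PRIVATE, IPC_CREAT | 0600);
    if (qid == -1) { perror("msgget"); return -1; }

    struct update_rcvbuf out;
    memset(&out, 0, sizeof out);
    out.msg.mtype = UPDATE_MTYPE;
    out.msg.mdata.x = 10;  out.msg.mdata.y = 20;
    out.msg.mdata.w = 300; out.msg.mdata.h = 400;
    out.msg.mdata.waveform = 2; out.msg.mdata.flags = 0;
    /* A real unfixed client reads sizeof(long) bytes past its struct; the
     * zeroed slack stands in for that garbage without an actual overread. */
    size_t sz = legacy_sender ? buggy_msgsz() : update_msgsz();
    if (msgsnd(qid, &out, sz, 0) == -1) {
        perror("msgsnd"); msgctl(qid, IPC_RMID, NULL); return -1;
    }

    struct update_rcvbuf in;
    memset(&in, 0, sizeof in);
    /* Ask for payload + slack: without MSG_NOERROR, an oversize message
     * would otherwise fail with E2BIG instead of being truncated. */
    ssize_t n = msgrcv(qid, &in, update_msgsz() + sizeof(long), UPDATE_MTYPE, 0);
    msgctl(qid, IPC_RMID, NULL);
    if (n == -1) { perror("msgrcv"); return -1; }

    size_t keep = accept_payload_len(n);
    if (keep == 0) return 0;
    /* Only the first `keep` bytes after mtype are meaningful; the slack is ignored. */
    return memcmp(&in.msg.mdata, &out.msg.mdata, keep) == 0;
}

int main(void) {
    printf("msgsz correct=%zu buggy=%zu\n", update_msgsz(), buggy_msgsz());
    printf("fixed client round trip: %d\n", roundtrip(0));
    printf("unfixed client round trip (truncated): %d\n", roundtrip(1));
    return 0;
}
```

The slack in `update_rcvbuf` is what makes the compatibility path safe: the server must request the larger size from `msgrcv` (or pass `MSG_NOERROR`) to get the oversize message at all, and it must then have somewhere to put the extra bytes. Once every client sends the correct msgsz, `accept_payload_len` can drop its second branch.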