Bug 1861932

Summary: Accessing byte-aligned data through uint16_t pointers can cause crashes or reduce performance
Product: Red Hat Enterprise Linux 7 Reporter: Todd Cullum <tcullum>
Component: vino Assignee: Ondrej Holy <oholy>
Status: CLOSED WONTFIX QA Contact: Desktop QE <desktop-qa-list>
Severity: low Docs Contact:
Priority: unspecified    
Version: 7.8   
Target Milestone: rc   
Target Release: ---   
Hardware: arm   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-08-03 06:22:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Todd Cullum 2020-07-30 00:10:49 UTC
Description of problem:

Accessing byte-aligned data through uint16_t pointers can cause crashes
on some platforms or reduce performance. This bug is in libvncserver, which is bundled in vino.

Version-Release number of selected component (if applicable):
vino-3.22.0-7.el7

How reproducible:

I have not been able to reproduce this but it is acknowledged upstream here: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d


Actual results:

Can cause slowdowns or crashes on ARM.

Expected results:

rfbSetClientColourMapBGR233() behaves normally without performance issues or crashes.

Additional info:

Note that this bug was originally picked up as a CVE/security issue. However, during analysis and after speaking with upstream developer Toby Junghans, we determined there is no security risk and this is a trivial reliability bug at most. I am filing this to let the maintainer know about the issue. I checked the code shipped in RHEL7 and found that the bug exists via code examination.
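
Added example, not part of the original report and not the vino or libvncserver code: a sketch of the access pattern described above, next to an alignment-safe way to write the same 16-bit colour values into a byte buffer. The function names, the deliberately misaligned test buffer and the channel scaling are assumptions of this example; the 6-byte header follows the RFB SetColourMapEntries message layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 6                        /* RFB SetColourMapEntries header size */
#define MAP_LEN (HDR_LEN + 256 * 3 * 2)  /* header + 256 x (R,G,B) 16-bit values */

/* Risky pattern (shown only as a comment): buf is merely byte-aligned, so
 *     uint16_t *rgb = (uint16_t *)(buf + HDR_LEN);  rgb[i] = v;
 * is undefined behaviour in C and can fault on strict-alignment CPUs. */

/* Alignment-safe big-endian store: valid for any dst address. */
static void store_u16_be(uint8_t *dst, uint16_t v) {
    uint8_t b[2] = { (uint8_t)(v >> 8), (uint8_t)(v & 0xff) };
    memcpy(dst, b, sizeof b);
}

/* Alignment-safe big-endian load, counterpart of store_u16_be(). */
static uint16_t load_u16_be(const uint8_t *src) {
    return (uint16_t)((src[0] << 8) | src[1]);
}

/* Nonzero if p meets the alignment a uint16_t * dereference requires. */
static int aligned_for_u16(const void *p) {
    return ((uintptr_t)p % _Alignof(uint16_t)) == 0;
}

/* Write a BGR233 map into buf (MAP_LEN bytes, any alignment); scaling is assumed. */
static size_t build_bgr233_map(uint8_t *buf) {
    uint8_t *p = buf + HDR_LEN;
    buf[0] = 1; buf[1] = 0;              /* message type 1, then padding */
    store_u16_be(buf + 2, 0);            /* first colour */
    store_u16_be(buf + 4, 256);          /* number of colours */
    for (unsigned i = 0; i < 256; i++, p += 6) {
        store_u16_be(p,     (uint16_t)((i & 7) * 65535 / 7));         /* red   */
        store_u16_be(p + 2, (uint16_t)(((i >> 3) & 7) * 65535 / 7));  /* green */
        store_u16_be(p + 4, (uint16_t)(((i >> 6) & 3) * 65535 / 3));  /* blue  */
    }
    return (size_t)(p - buf);
}

int main(void) {
    static uint16_t backing[(MAP_LEN + 3) / 2];  /* 2-byte aligned storage */
    uint8_t *odd = (uint8_t *)backing + 1;       /* constructed misaligned buffer */
    size_t n = build_bgr233_map(odd);
    printf("len=%zu aligned=%d last_blue=%u\n", n,
           aligned_for_u16(odd + HDR_LEN), (unsigned)load_u16_be(odd + n - 2));
    return 0;
}
```

Building with `-fsanitize=alignment` (GCC or Clang) reports the cast-and-dereference form at run time even on CPUs that tolerate misaligned loads.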

Comment 2 Ondrej Holy 2020-08-03 06:22:09 UTC
It is pretty late for RHEL 7, let's reconsider this for RHEL 8 (Bug 1861933).