Bug 1861932 - Accessing byte-aligned data through uint16_t pointers can cause crashes or reduce performance
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: vino
Version: 7.8
Hardware: arm
OS: Unspecified
unspecified
low
Target Milestone: rc
Assignee: Ondrej Holy
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-07-30 00:10 UTC by Todd Cullum
Modified: 2020-08-03 06:22 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-08-03 06:22:09 UTC
Target Upstream Version:



Description Todd Cullum 2020-07-30 00:10:49 UTC
Description of problem:

Accessing byte-aligned data through uint16_t pointers can cause crashes on some platforms or reduce performance. This bug is in libvncserver, which is bundled in vino.

Version-Release number of selected component (if applicable):
vino-3.22.0-7.el7

How reproducible:

I have not been able to reproduce this but it is acknowledged upstream here: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d


Actual results:

Can cause slowdowns or crashes on ARM.

Expected results:

rfbSetClientColourMapBGR233() behaves normally without performance issues or crashes.

Additional info:

Note that this bug was originally picked up as a CVE/security issue. However, during analysis and after speaking with upstream developer Toby Junghans, we determined there is no security risk and this is a trivial reliability bug at most. I am filing this to let the maintainer know about the issue. I checked the code shipped in RHEL7 and found that the bug exists via code examination.
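
An added illustration of the access pattern this report describes (not code from libvncserver, vino, or the reporter): a C example that stores 16-bit values into a byte buffer with memcpy instead of through a cast uint16_t pointer. The header length, buffer layout and function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout (not libvncserver's): HDR_LEN header bytes, then
 * 16-bit colour values packed back to back in host byte order. */
#define HDR_LEN 5 /* odd on purpose, so the payload is not 2-byte aligned */

/* Pattern the report warns about, shown only as a comment:
 *     uint16_t *rgb = (uint16_t *)&buf[HDR_LEN];
 *     rgb[i] = value;
 * The cast promises 2-byte alignment that a byte buffer does not give. */

/* memcpy has no alignment requirement, so these work at any byte offset. */
static void store_u16(unsigned char *dst, uint16_t v) { memcpy(dst, &v, sizeof v); }

static uint16_t load_u16(const unsigned char *src)
{
    uint16_t v;
    memcpy(&v, src, sizeof v);
    return v;
}

/* Write n colours after the header. Returns bytes used, or 0 if buf is too small. */
size_t pack_colours(unsigned char *buf, size_t buf_len, const uint16_t *colours, size_t n)
{
    size_t need = HDR_LEN + n * sizeof(uint16_t);
    if (buf_len < need)
        return 0;
    memset(buf, 0, HDR_LEN);
    for (size_t i = 0; i < n; i++)
        store_u16(buf + HDR_LEN + i * sizeof(uint16_t), colours[i]);
    return need;
}

uint16_t read_colour(const unsigned char *buf, size_t i)
{
    return load_u16(buf + HDR_LEN + i * sizeof(uint16_t));
}

int main(void)
{
    unsigned char buf[32];
    const uint16_t colours[3] = { 0x0000, 0x1234, 0xFFFF }; /* constructed sample */
    /* buf and buf + 1 differ in alignment, so one of the two payloads is misaligned. */
    if (pack_colours(buf, sizeof buf, colours, 3) != 11) return 1;
    if (pack_colours(buf + 1, sizeof buf - 1, colours, 3) != 11) return 1;
    return read_colour(buf + 1, 1) == 0x1234 ? 0 : 1;
}
```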

Comment 2 Ondrej Holy 2020-08-03 06:22:09 UTC
It is pretty late for RHEL 7, let's reconsider this for RHEL 8 (Bug 1861933).

