There is a buffer overread in the following call to msgsnd:
|
if (msgsnd(this->msgqueue_id, &message, sizeof(message), 0) == -1) |
As per the man page, the msgsz argument (third argument) should not include the size of the mtype field, only of the data field, so currently this call will read 4 extra bytes from memory and send them to the server.
(Related to ddvk/remarkable2-framebuffer#89.)
There is a buffer overread in the following call to
msgsnd:vnsee/src/rmioc/screen_rm2fb.cpp
Line 165 in 6ed9593
As per the man page, the
msgszargument (third argument) should not include the size of the mtype field, only of the data field, so currently this call will read 4 extra bytes from memory and send them to the server.(Related to ddvk/remarkable2-framebuffer#89.)