Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
freerdp.31491
freerdp-Added-missing-length-checks-in-zgfx_dec...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File freerdp-Added-missing-length-checks-in-zgfx_decompress_segme.patch of Package freerdp.31491
From 83e0d6c0355618e93dc72a98c64ee5a22dab8c29 Mon Sep 17 00:00:00 2001 From: akallabeth <akallabeth@posteo.net> Date: Thu, 13 Oct 2022 09:09:28 +0200 Subject: [PATCH] Added missing length checks in zgfx_decompress_segment (cherry picked from commit 64716b335858109d14f27b51acc4c4d71a92a816) --- libfreerdp/codec/zgfx.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/libfreerdp/codec/zgfx.c b/libfreerdp/codec/zgfx.c index 1a2878bd9..04ddeadb2 100644 --- a/libfreerdp/codec/zgfx.c +++ b/libfreerdp/codec/zgfx.c @@ -230,19 +230,19 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t BYTE* pbSegment; size_t cbSegment; - if (!zgfx || !stream) + if (!zgfx || !stream || (segmentSize < 2)) return FALSE; cbSegment = segmentSize - 1; - if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize < 1) || - (segmentSize > UINT32_MAX)) + if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize > UINT32_MAX)) return FALSE; Stream_Read_UINT8(stream, flags); /* header (1 byte) */ zgfx->OutputCount = 0; pbSegment = Stream_Pointer(stream); - Stream_Seek(stream, cbSegment); + if (!Stream_SafeSeek(stream, cbSegment)) + return FALSE; if (!(flags & PACKET_COMPRESSED)) { @@ -346,6 +346,9 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t if (count > sizeof(zgfx->OutputBuffer) - zgfx->OutputCount) return FALSE; + if (count > zgfx->cBitsRemaining / 8) + return FALSE; + CopyMemory(&(zgfx->OutputBuffer[zgfx->OutputCount]), zgfx->pbInputCurrent, count); zgfx_history_buffer_ring_write(zgfx, zgfx->pbInputCurrent, count); -- 2.39.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor