mirrors
/
FreeRDP
mirror of https://github.com/FreeRDP/FreeRDP
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed CVE-2018-8787 

Thanks to Eyal Itkin from Check Point Software Technologies.
This commit is contained in:
Armin Novak 2018-10-22 16:30:20 +02:00
parent 445a5a42c5
commit 09b9d4f199
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libfreerdp/gdi/graphics.c
View File

@ -141,9 +141,17 @@ static BOOL gdi_Bitmap_Decompress(rdpContext* context, rdpBitmap* bitmap,
{ {
UINT32 SrcSize = length; UINT32 SrcSize = length;
rdpGdi* gdi = context->gdi; rdpGdi* gdi = context->gdi;
UINT32 size = DstWidth * DstHeight;
bitmap->compressed = FALSE; bitmap->compressed = FALSE;
bitmap->format = gdi->dstFormat; bitmap->format = gdi->dstFormat;
bitmap->length = DstWidth * DstHeight * GetBytesPerPixel(bitmap->format);
if ((GetBytesPerPixel(bitmap->format) == 0) ||
(DstWidth == 0) || (DstHeight == 0) || (DstWidth > UINT32_MAX / DstHeight) ||
(size > (UINT32_MAX / GetBytesPerPixel(bitmap->format))))
return FALSE;
size *= GetBytesPerPixel(bitmap->format);
bitmap->length = size;
bitmap->data = (BYTE*) _aligned_malloc(bitmap->length, 16); bitmap->data = (BYTE*) _aligned_malloc(bitmap->length, 16);
if (!bitmap->data) if (!bitmap->data)