[codec,interleaved] fix bounds checks

akallabeth 2023-08-23 09:24:00 +02:00 committed by Martin Fleisz
parent 04f5790fd4
commit 11461a1b6d
2 changed files with 74 additions and 52 deletions


@ -49,7 +49,6 @@ static INLINE BYTE* WRITEFGBGIMAGE(BYTE* pbDest, const BYTE* pbDestEnd, UINT32 r
data = xorPixel;
DESTWRITEPIXEL(pbDest, data);
DESTNEXTPIXEL(pbDest);
mask = mask << 1;
});
return pbDest;
@ -82,7 +81,6 @@ static INLINE BYTE* WRITEFIRSTLINEFGBGIMAGE(BYTE* pbDest, const BYTE* pbDestEnd,
data = BLACK_PIXEL;
DESTWRITEPIXEL(pbDest, data);
DESTNEXTPIXEL(pbDest);
mask = mask << 1;
});
return pbDest;
@ -156,6 +154,8 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
if ((code == REGULAR_BG_RUN) || (code == MEGA_MEGA_BG_RUN))
{
runLength = ExtractRunLength(code, pbSrc, pbEnd, &advance);
if (advance == 0)
return FALSE;
pbSrc = pbSrc + advance;
if (fFirstLine)
@ -166,17 +166,13 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
return FALSE;
DESTWRITEPIXEL(pbDest, fgPel);
DESTNEXTPIXEL(pbDest);
runLength = runLength - 1;
}
if (!ENSURE_CAPACITY(pbDest, pbDestEnd, runLength))
return FALSE;
UNROLL(runLength, {
DESTWRITEPIXEL(pbDest, BLACK_PIXEL);
DESTNEXTPIXEL(pbDest);
});
UNROLL(runLength, { DESTWRITEPIXEL(pbDest, BLACK_PIXEL); });
}
else
{
@ -188,7 +184,6 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
return FALSE;
DESTWRITEPIXEL(pbDest, temp ^ fgPel);
DESTNEXTPIXEL(pbDest);
runLength--;
}
@ -198,7 +193,6 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
UNROLL(runLength, {
DESTREADPIXEL(temp, pbDest - rowDelta);
DESTWRITEPIXEL(pbDest, temp);
DESTNEXTPIXEL(pbDest);
});
}
@ -219,14 +213,15 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
case LITE_SET_FG_FG_RUN:
case MEGA_MEGA_SET_FG_RUN:
runLength = ExtractRunLength(code, pbSrc, pbEnd, &advance);
if (advance == 0)
return FALSE;
pbSrc = pbSrc + advance;
if (code == LITE_SET_FG_FG_RUN || code == MEGA_MEGA_SET_FG_RUN)
{
if (!buffer_within_range(pbSrc, pbEnd))
if (!buffer_within_range(pbSrc + sizeof(fgPel), pbEnd))
return FALSE;
SRCREADPIXEL(fgPel, pbSrc);
SRCNEXTPIXEL(pbSrc);
}
if (!ENSURE_CAPACITY(pbDest, pbDestEnd, runLength))
@ -234,17 +229,13 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
if (fFirstLine)
{
UNROLL(runLength, {
DESTWRITEPIXEL(pbDest, fgPel);
DESTNEXTPIXEL(pbDest);
});
UNROLL(runLength, { DESTWRITEPIXEL(pbDest, fgPel); });
}
else
{
UNROLL(runLength, {
DESTREADPIXEL(temp, pbDest - rowDelta);
DESTWRITEPIXEL(pbDest, temp ^ fgPel);
DESTNEXTPIXEL(pbDest);
});
}
@ -254,24 +245,22 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
case LITE_DITHERED_RUN:
case MEGA_MEGA_DITHERED_RUN:
runLength = ExtractRunLength(code, pbSrc, pbEnd, &advance);
if (advance == 0)
return FALSE;
pbSrc = pbSrc + advance;
if (!buffer_within_range(pbSrc, pbEnd))
if (!buffer_within_range(pbSrc + sizeof(pixelA), pbEnd))
return FALSE;
SRCREADPIXEL(pixelA, pbSrc);
SRCNEXTPIXEL(pbSrc);
if (!buffer_within_range(pbSrc, pbEnd))
if (!buffer_within_range(pbSrc + sizeof(pixelB), pbEnd))
return FALSE;
SRCREADPIXEL(pixelB, pbSrc);
SRCNEXTPIXEL(pbSrc);
if (!ENSURE_CAPACITY(pbDest, pbDestEnd, runLength * 2))
return FALSE;
UNROLL(runLength, {
DESTWRITEPIXEL(pbDest, pixelA);
DESTNEXTPIXEL(pbDest);
DESTWRITEPIXEL(pbDest, pixelB);
DESTNEXTPIXEL(pbDest);
});
break;
@ -279,19 +268,17 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
case REGULAR_COLOR_RUN:
case MEGA_MEGA_COLOR_RUN:
runLength = ExtractRunLength(code, pbSrc, pbEnd, &advance);
if (advance == 0)
return FALSE;
pbSrc = pbSrc + advance;
if (!buffer_within_range(pbSrc, pbEnd))
if (!buffer_within_range(pbSrc + sizeof(pixelA), pbEnd))
return FALSE;
SRCREADPIXEL(pixelA, pbSrc);
SRCNEXTPIXEL(pbSrc);
if (!ENSURE_CAPACITY(pbDest, pbDestEnd, runLength))
return FALSE;
UNROLL(runLength, {
DESTWRITEPIXEL(pbDest, pixelA);
DESTNEXTPIXEL(pbDest);
});
UNROLL(runLength, { DESTWRITEPIXEL(pbDest, pixelA); });
break;
/* Handle Foreground/Background Image Orders. */
@ -300,14 +287,15 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
case LITE_SET_FG_FGBG_IMAGE:
case MEGA_MEGA_SET_FGBG_IMAGE:
runLength = ExtractRunLength(code, pbSrc, pbEnd, &advance);
if (advance == 0)
return FALSE;
pbSrc = pbSrc + advance;
if (!buffer_within_range(pbSrc, pbEnd))
if (!buffer_within_range(pbSrc + sizeof(fgPel), pbEnd))
return FALSE;
if (code == LITE_SET_FG_FGBG_IMAGE || code == MEGA_MEGA_SET_FGBG_IMAGE)
{
SRCREADPIXEL(fgPel, pbSrc);
SRCNEXTPIXEL(pbSrc);
}
if (fFirstLine)
@ -365,6 +353,8 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
case REGULAR_COLOR_IMAGE:
case MEGA_MEGA_COLOR_IMAGE:
runLength = ExtractRunLength(code, pbSrc, pbEnd, &advance);
if (advance == 0)
return FALSE;
pbSrc = pbSrc + advance;
if (!ENSURE_CAPACITY(pbDest, pbDestEnd, runLength))
return FALSE;
@ -373,9 +363,7 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
UNROLL(runLength, {
SRCREADPIXEL(temp, pbSrc);
SRCNEXTPIXEL(pbSrc);
DESTWRITEPIXEL(pbDest, temp);
DESTNEXTPIXEL(pbDest);
});
break;
@ -427,7 +415,6 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
return FALSE;
DESTWRITEPIXEL(pbDest, WHITE_PIXEL);
DESTNEXTPIXEL(pbDest);
break;
/* Handle Black Order. */
@ -438,7 +425,6 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
return FALSE;
DESTWRITEPIXEL(pbDest, BLACK_PIXEL);
DESTNEXTPIXEL(pbDest);
break;
default:
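Review bot: The new source checks in RLEDECOMPRESS pass `pbSrc + sizeof(fgPel)` (likewise `sizeof(pixelA)` and `sizeof(pixelB)`) to buffer_within_range, which is the address one past the pixel, whereas the ExtractRunLength* helpers changed in this same commit pass the address of the last byte they read (`pbOrderHdr + 1` before `*(pbOrderHdr + 1)`). One of the two conventions is off by one, depending on whether the helper (not shown here) accepts a pointer equal to pbEnd. The size is also taken from the local variable's type rather than from the bytes SRCREADPIXEL consumes (1, 2 or 3 in the three instantiations), so if the 24-bit pixel variable is a 4-byte type (its declaration is outside these hunks) a pixel ending exactly at the end of the input would be rejected. Comparing the remaining length avoids both problems and never forms a pointer past the buffer: `if ((size_t)(pbEnd - pbSrc) < SRC_PIXEL_BYTES) return FALSE;`, where `SRC_PIXEL_BYTES` is a placeholder for a per-depth constant defined next to SRCREADPIXEL. In the SET_FG_FGBG_IMAGE hunk the check sits before the `if (code == ...)`, so it also applies on the path that does not read fgPel, while the SET_FG_FG_RUN hunk places it inside the `if`.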


@ -208,7 +208,10 @@ static UINT ExtractRunLengthRegularFgBg(const BYTE* pbOrderHdr, const BYTE* pbEn
if (runLength == 0)
{
if (!buffer_within_range(pbOrderHdr + 1, pbEnd))
{
*advance = 0;
return 0;
}
runLength = *(pbOrderHdr + 1) + 1;
(*advance)++;
}
@ -230,7 +233,10 @@ static UINT ExtractRunLengthLiteFgBg(const BYTE* pbOrderHdr, const BYTE* pbEnd,
if (runLength == 0)
{
if (!buffer_within_range(pbOrderHdr + 1, pbEnd))
{
*advance = 0;
return 0;
}
runLength = *(pbOrderHdr + 1) + 1;
(*advance)++;
}
@ -252,7 +258,10 @@ static UINT ExtractRunLengthRegular(const BYTE* pbOrderHdr, const BYTE* pbEnd, U
if (runLength == 0)
{
if (!buffer_within_range(pbOrderHdr + 1, pbEnd))
{
*advance = 0;
return 0;
}
runLength = *(pbOrderHdr + 1) + 32;
(*advance)++;
}
@ -269,7 +278,10 @@ static UINT ExtractRunLengthMegaMega(const BYTE* pbOrderHdr, const BYTE* pbEnd,
WINPR_ASSERT(advance);
if (!buffer_within_range(pbOrderHdr + 2, pbEnd))
{
*advance = 0;
return 0;
}
runLength = ((UINT16)pbOrderHdr[1]) | (((UINT16)pbOrderHdr[2]) << 8);
(*advance) += 2;
@ -289,7 +301,10 @@ static UINT ExtractRunLengthLite(const BYTE* pbOrderHdr, const BYTE* pbEnd, UINT
if (runLength == 0)
{
if (!buffer_within_range(pbOrderHdr + 1, pbEnd))
{
*advance = 0;
return 0;
}
runLength = *(pbOrderHdr + 1) + 16;
(*advance)++;
}
@ -306,6 +321,7 @@ static INLINE UINT32 ExtractRunLength(UINT32 code, const BYTE* pbOrderHdr, const
WINPR_ASSERT(pbEnd);
WINPR_ASSERT(advance);
*advance = 0;
if (!buffer_within_range(pbOrderHdr, pbEnd))
return 0;
@ -393,19 +409,26 @@ static INLINE void write_pixel_16(BYTE* _buf, UINT16 _pix)
#undef DESTWRITEPIXEL
#undef DESTREADPIXEL
#undef SRCREADPIXEL
#undef DESTNEXTPIXEL
#undef SRCNEXTPIXEL
#undef WRITEFGBGIMAGE
#undef WRITEFIRSTLINEFGBGIMAGE
#undef RLEDECOMPRESS
#undef RLEEXTRA
#undef WHITE_PIXEL
#define WHITE_PIXEL 0xFF
#define DESTWRITEPIXEL(_buf, _pix) write_pixel_8(_buf, _pix)
#define DESTWRITEPIXEL(_buf, _pix) \
do \
{ \
write_pixel_8(_buf, _pix); \
_buf += 1; \
} while (0)
#define DESTREADPIXEL(_pix, _buf) _pix = (_buf)[0]
#define SRCREADPIXEL(_pix, _buf) _pix = (_buf)[0]
#define DESTNEXTPIXEL(_buf) _buf += 1
#define SRCNEXTPIXEL(_buf) _buf += 1
#define SRCREADPIXEL(_pix, _buf) \
do \
{ \
_pix = (_buf)[0]; \
_buf += 1; \
} while (0)
#define WRITEFGBGIMAGE WriteFgBgImage8to8
#define WRITEFIRSTLINEFGBGIMAGE WriteFirstLineFgBgImage8to8
#define RLEDECOMPRESS RleDecompress8to8
@ -417,19 +440,25 @@ static INLINE void write_pixel_16(BYTE* _buf, UINT16 _pix)
#undef DESTWRITEPIXEL
#undef DESTREADPIXEL
#undef SRCREADPIXEL
#undef DESTNEXTPIXEL
#undef SRCNEXTPIXEL
#undef WRITEFGBGIMAGE
#undef WRITEFIRSTLINEFGBGIMAGE
#undef RLEDECOMPRESS
#undef RLEEXTRA
#undef WHITE_PIXEL
#define WHITE_PIXEL 0xFFFF
#define DESTWRITEPIXEL(_buf, _pix) write_pixel_16(_buf, _pix)
#define DESTWRITEPIXEL(_buf, _pix) \
do \
{ \
write_pixel_16(_buf, _pix); \
_buf += 2; \
} while (0)
#define DESTREADPIXEL(_pix, _buf) _pix = ((UINT16*)(_buf))[0]
#define SRCREADPIXEL(_pix, _buf) _pix = (_buf)[0] | ((_buf)[1] << 8)
#define DESTNEXTPIXEL(_buf) _buf += 2
#define SRCNEXTPIXEL(_buf) _buf += 2
#define SRCREADPIXEL(_pix, _buf) \
do \
{ \
_pix = (_buf)[0] | ((_buf)[1] << 8); \
_buf += 2; \
} while (0)
#define WRITEFGBGIMAGE WriteFgBgImage16to16
#define WRITEFIRSTLINEFGBGIMAGE WriteFirstLineFgBgImage16to16
#define RLEDECOMPRESS RleDecompress16to16
@ -441,19 +470,26 @@ static INLINE void write_pixel_16(BYTE* _buf, UINT16 _pix)
#undef DESTWRITEPIXEL
#undef DESTREADPIXEL
#undef SRCREADPIXEL
#undef DESTNEXTPIXEL
#undef SRCNEXTPIXEL
#undef WRITEFGBGIMAGE
#undef WRITEFIRSTLINEFGBGIMAGE
#undef RLEDECOMPRESS
#undef RLEEXTRA
#undef WHITE_PIXEL
#define WHITE_PIXEL 0xFFFFFF
#define DESTWRITEPIXEL(_buf, _pix) write_pixel_24(_buf, _pix)
#define DESTWRITEPIXEL(_buf, _pix) \
do \
{ \
write_pixel_24(_buf, _pix); \
_buf += 3; \
} while (0)
#define DESTREADPIXEL(_pix, _buf) _pix = (_buf)[0] | ((_buf)[1] << 8) | ((_buf)[2] << 16)
#define SRCREADPIXEL(_pix, _buf) _pix = (_buf)[0] | ((_buf)[1] << 8) | ((_buf)[2] << 16)
#define DESTNEXTPIXEL(_buf) _buf += 3
#define SRCNEXTPIXEL(_buf) _buf += 3
#define SRCREADPIXEL(_pix, _buf) \
do \
{ \
_pix = (_buf)[0] | ((_buf)[1] << 8) | ((_buf)[2] << 16); \
_buf += 3; \
} while (0)
#define WRITEFGBGIMAGE WriteFgBgImage24to24
#define WRITEFIRSTLINEFGBGIMAGE WriteFirstLineFgBgImage24to24
#define RLEDECOMPRESS RleDecompress24to24
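Review bot: The failure contract added to the ExtractRunLength* helpers is implicit: on truncated input each of the five helpers sets `*advance = 0` and returns 0, and the return value alone does not distinguish that from a decoded length, so every caller must test `advance == 0` before using the result or moving pbSrc. That contract should be stated once on ExtractRunLength, for example `/* On truncated input *advance is set to 0 and 0 is returned; callers must check *advance before using the run length. */`, and the repeated three-line failure block could be folded into one small static helper. The helper bodies are only partly visible in these hunks, so call sites outside this commit should be checked for the same test. The pixel macros below now advance their buffer argument as a side effect (`_buf += N`, with `_buf` unparenthesized and evaluated twice) while DESTREADPIXEL still does not advance; a short comment above each template block naming which macros move the pointer would keep later edits from double-advancing or passing an expression.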