From 5db8919c98d8108a807d1ff296f352c83e79638e Mon Sep 17 00:00:00 2001
From: Anthony Tong
Date: Thu, 1 Sep 2011 15:13:19 -0400
Subject: [PATCH 1/4] fix memory corruption issue
---
 libfreerdp-core/orders.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libfreerdp-core/orders.c b/libfreerdp-core/orders.c
index 8d73089c9..573782490 100644
--- a/libfreerdp-core/orders.c
+++ b/libfreerdp-core/orders.c
@@ -753,9 +753,9 @@ void update_read_polyline_order(STREAM* s, ORDER_INFO* orderInfo, POLYLINE_ORDER
 stream_read_uint8(s, polyline->cbData);
 if (polyline->points == NULL)
- polyline->points = (DELTA_POINT*) xmalloc(polyline->cbData);
+ polyline->points = (DELTA_POINT*) xmalloc(sizeof(DELTA_POINT) * polyline->cbData);
 else
- polyline->points = (DELTA_POINT*) xrealloc(polyline->points, polyline->cbData);
+ polyline->points = (DELTA_POINT*) xrealloc(polyline->points, sizeof(DELTA_POINT) * polyline->cbData);
 update_read_delta_points(s, polyline->points, polyline->numPoints, polyline->xStart, polyline->yStart);
 }
From 82e62778bc28dacc4b860c94e7bdceac8512b7fe Mon Sep 17 00:00:00 2001
From: Anthony Tong
Date: Fri, 2 Sep 2011 10:53:27 -0400
Subject: [PATCH 2/4] The previous malloc fix was too large.
---
 libfreerdp-core/orders.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libfreerdp-core/orders.c b/libfreerdp-core/orders.c
index 573782490..ef124f5da 100644
--- a/libfreerdp-core/orders.c
+++ b/libfreerdp-core/orders.c
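Review bot: In the [PATCH 1/4] hunk the buffer is sized as `polyline->cbData` elements, but the call right after it, `update_read_delta_points(s, polyline->points, polyline->numPoints, ...)`, fills it by `numPoints`, and nothing visible ties the two fields together. If a peer sends an order whose numPoints exceeds cbData, the write would presumably still run past the allocation, so the size should follow the writer's count: `xmalloc(sizeof(DELTA_POINT) * polyline->numPoints)`, and the same expression in the `xrealloc` branch. The [PATCH 3/4] hunk restores these same lines and carries the same problem. update_read_polyline_order starts outside the hunk, so where numPoints is read and whether it is range-checked cannot be seen here.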
@@ -751,11 +751,11 @@ void update_read_polyline_order(STREAM* s, ORDER_INFO* orderInfo, POLYLINE_ORDER
 if (orderInfo->fieldFlags & ORDER_FIELD_07)
 {
 stream_read_uint8(s, polyline->cbData);
-
+fprintf(stderr, "TONG %d %d %d\n", sizeof(DELTA_POINT*), polyline->cbData, polyline->numPoints);
 if (polyline->points == NULL)
- polyline->points = (DELTA_POINT*) xmalloc(sizeof(DELTA_POINT) * polyline->cbData);
+ polyline->points = (DELTA_POINT*) xmalloc(sizeof(DELTA_POINT) * polyline->numPoints);
 else
- polyline->points = (DELTA_POINT*) xrealloc(polyline->points, sizeof(DELTA_POINT) * polyline->cbData);
+ polyline->points = (DELTA_POINT*) xrealloc(polyline->points, sizeof(DELTA_POINT) * polyline->numPoints);
 update_read_delta_points(s, polyline->points, polyline->numPoints, polyline->xStart, polyline->yStart);
 }
From fe207a5858f1b7e6af8cda4fb18ff8aa415d4cb2 Mon Sep 17 00:00:00 2001
From: Anthony Tong
Date: Fri, 2 Sep 2011 11:08:50 -0400
Subject: [PATCH 3/4] Revert "The previous malloc fix was too large."
This reverts commit 82e62778bc28dacc4b860c94e7bdceac8512b7fe.
---
 libfreerdp-core/orders.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libfreerdp-core/orders.c b/libfreerdp-core/orders.c
index ef124f5da..573782490 100644
--- a/libfreerdp-core/orders.c
+++ b/libfreerdp-core/orders.c
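Review bot: The added `fprintf(stderr, "TONG %d %d %d\n", sizeof(DELTA_POINT*), ...)` in the [PATCH 2/4] hunk is leftover debug output in a path that parses peer-supplied orders, and it passes a `size_t` to `%d`, which is undefined behaviour wherever `size_t` is wider than `int`. It also prints the size of a pointer (`sizeof(DELTA_POINT*)`) rather than of the element the allocation multiplies by, so the traced number is not the one that matters. The line should be dropped before merging; if a trace is wanted during debugging, `fprintf(stderr, "polyline: elem=%zu cbData=%u numPoints=%u\n", sizeof(DELTA_POINT), (unsigned) polyline->cbData, (unsigned) polyline->numPoints);` under a debug-only guard is the correct form.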
@@ -751,11 +751,11 @@ void update_read_polyline_order(STREAM* s, ORDER_INFO* orderInfo, POLYLINE_ORDER
 if (orderInfo->fieldFlags & ORDER_FIELD_07)
 {
 stream_read_uint8(s, polyline->cbData);
-fprintf(stderr, "TONG %d %d %d\n", sizeof(DELTA_POINT*), polyline->cbData, polyline->numPoints);
+
 if (polyline->points == NULL)
- polyline->points = (DELTA_POINT*) xmalloc(sizeof(DELTA_POINT) * polyline->numPoints);
+ polyline->points = (DELTA_POINT*) xmalloc(sizeof(DELTA_POINT) * polyline->cbData);
 else
- polyline->points = (DELTA_POINT*) xrealloc(polyline->points, sizeof(DELTA_POINT) * polyline->numPoints);
+ polyline->points = (DELTA_POINT*) xrealloc(polyline->points, sizeof(DELTA_POINT) * polyline->cbData);
 update_read_delta_points(s, polyline->points, polyline->numPoints, polyline->xStart, polyline->yStart);
 }
From 538197635250e62d6dad1b25c14b41c26d637ed5 Mon Sep 17 00:00:00 2001
From: Anthony Tong
Date: Fri, 2 Sep 2011 11:09:29 -0400
Subject: [PATCH 4/4] The previous malloc fix was too large.
---
 libfreerdp-core/orders.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libfreerdp-core/orders.c b/libfreerdp-core/orders.c
index 573782490..2da73f133 100644
--- a/libfreerdp-core/orders.c
+++ b/libfreerdp-core/orders.c
@@ -753,9 +753,9 @@ void update_read_polyline_order(STREAM* s, ORDER_INFO* orderInfo, POLYLINE_ORDER
 stream_read_uint8(s, polyline->cbData);
 if (polyline->points == NULL)
- polyline->points = (DELTA_POINT*) xmalloc(sizeof(DELTA_POINT) * polyline->cbData);
+ polyline->points = (DELTA_POINT*) xmalloc(sizeof(DELTA_POINT) * polyline->numPoints);
 else
- polyline->points = (DELTA_POINT*) xrealloc(polyline->points, sizeof(DELTA_POINT) * polyline->numPoints);
 update_read_delta_points(s, polyline->points, polyline->numPoints, polyline->xStart, polyline->yStart);
 }
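Review bot: With the allocation in the [PATCH 4/4] hunk now sized from `polyline->numPoints`, `polyline->cbData` is read from the stream and then used for nothing visible here, so the hunk never checks that the delta parser stays within the byte count the order declared or within what the stream still holds. Both values come from the peer, so before `update_read_delta_points` the code should confirm the stream has at least cbData bytes left, and afterwards that no more than cbData were consumed; a comment such as `/* cbData: encoded length of the delta list, must bound the read below */` would record the intent. A numPoints of zero also reaches `xrealloc(polyline->points, 0)`, whose result depends on how xrealloc wraps realloc, so that case is worth an explicit guard. The function starts outside the hunk, so any validation of numPoints done earlier is not visible.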