Before asking for element from the PRIMARY_DRAWING_ORDER_FIELD_BYTES[] array, check if the array is big enough.
This commit is contained in:
parent
cb4668ca68
commit
3aa804f176
@ -120,7 +120,7 @@ uint16 fastpath_read_header_rdp(rdpFastPath* fastpath, STREAM* s)
|
||||
return length - stream_get_length(s);
|
||||
}
|
||||
|
||||
static void fastpath_recv_orders(rdpFastPath* fastpath, STREAM* s)
|
||||
static boolean fastpath_recv_orders(rdpFastPath* fastpath, STREAM* s)
|
||||
{
|
||||
rdpUpdate* update = fastpath->rdp->update;
|
||||
uint16 numberOrders;
|
||||
@ -129,9 +129,12 @@ static void fastpath_recv_orders(rdpFastPath* fastpath, STREAM* s)
|
||||
|
||||
while (numberOrders > 0)
|
||||
{
|
||||
update_recv_order(update, s);
|
||||
if (!update_recv_order(update, s))
|
||||
return false;
|
||||
numberOrders--;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static void fastpath_recv_update_common(rdpFastPath* fastpath, STREAM* s)
|
||||
@ -161,7 +164,7 @@ static void fastpath_recv_update_synchronize(rdpFastPath* fastpath, STREAM* s)
|
||||
stream_seek_uint16(s); /* size (2 bytes), must be set to zero */
|
||||
}
|
||||
|
||||
static void fastpath_recv_update(rdpFastPath* fastpath, uint8 updateCode, uint32 size, STREAM* s)
|
||||
static boolean fastpath_recv_update(rdpFastPath* fastpath, uint8 updateCode, uint32 size, STREAM* s)
|
||||
{
|
||||
rdpUpdate* update = fastpath->rdp->update;
|
||||
rdpContext* context = fastpath->rdp->update->context;
|
||||
@ -170,7 +173,8 @@ static void fastpath_recv_update(rdpFastPath* fastpath, uint8 updateCode, uint32
|
||||
switch (updateCode)
|
||||
{
|
||||
case FASTPATH_UPDATETYPE_ORDERS:
|
||||
fastpath_recv_orders(fastpath, s);
|
||||
if (!fastpath_recv_orders(fastpath, s))
|
||||
return false;
|
||||
break;
|
||||
|
||||
case FASTPATH_UPDATETYPE_BITMAP:
|
||||
@ -221,9 +225,11 @@ static void fastpath_recv_update(rdpFastPath* fastpath, uint8 updateCode, uint32
|
||||
DEBUG_WARN("unknown updateCode 0x%X", updateCode);
|
||||
break;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static void fastpath_recv_update_data(rdpFastPath* fastpath, STREAM* s)
|
||||
static boolean fastpath_recv_update_data(rdpFastPath* fastpath, STREAM* s)
|
||||
{
|
||||
uint16 size;
|
||||
int next_pos;
|
||||
@ -291,12 +297,17 @@ static void fastpath_recv_update_data(rdpFastPath* fastpath, STREAM* s)
|
||||
}
|
||||
|
||||
if (update_stream)
|
||||
fastpath_recv_update(fastpath, updateCode, totalSize, update_stream);
|
||||
{
|
||||
if (!fastpath_recv_update(fastpath, updateCode, totalSize, update_stream))
|
||||
return false;
|
||||
}
|
||||
|
||||
stream_set_pos(s, next_pos);
|
||||
|
||||
if (comp_stream != s)
|
||||
xfree(comp_stream);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
boolean fastpath_recv_updates(rdpFastPath* fastpath, STREAM* s)
|
||||
@ -307,7 +318,11 @@ boolean fastpath_recv_updates(rdpFastPath* fastpath, STREAM* s)
|
||||
|
||||
while (stream_get_left(s) >= 3)
|
||||
{
|
||||
fastpath_recv_update_data(fastpath, s);
|
||||
if (!fastpath_recv_update_data(fastpath, s))
|
||||
{
|
||||
/* XXX: Do we need to call EndPaint? */
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
IFCALL(update->EndPaint, update->context);
|
||||
|
@ -55,8 +55,6 @@ static const char* const PRIMARY_DRAWING_ORDER_STRINGS[] =
|
||||
"GlyphIndex"
|
||||
};
|
||||
|
||||
#define PRIMARY_DRAWING_ORDER_COUNT (sizeof(PRIMARY_DRAWING_ORDER_STRINGS) / sizeof(PRIMARY_DRAWING_ORDER_STRINGS[0]))
|
||||
|
||||
static const char* const SECONDARY_DRAWING_ORDER_STRINGS[] =
|
||||
{
|
||||
"Cache Bitmap",
|
||||
@ -123,6 +121,8 @@ static const uint8 PRIMARY_DRAWING_ORDER_FIELD_BYTES[] =
|
||||
GLYPH_INDEX_ORDER_FIELD_BYTES
|
||||
};
|
||||
|
||||
#define PRIMARY_DRAWING_ORDER_COUNT (sizeof(PRIMARY_DRAWING_ORDER_FIELD_BYTES) / sizeof(PRIMARY_DRAWING_ORDER_FIELD_BYTES[0]))
|
||||
|
||||
static const uint8 CBR2_BPP[] =
|
||||
{
|
||||
0, 0, 0, 8, 16, 24, 32
|
||||
@ -1683,7 +1683,7 @@ void update_read_bounds(STREAM* s, rdpBounds* bounds)
|
||||
update_read_coord(s, &bounds->bottom, true);
|
||||
}
|
||||
|
||||
void update_recv_primary_order(rdpUpdate* update, STREAM* s, uint8 flags)
|
||||
boolean update_recv_primary_order(rdpUpdate* update, STREAM* s, uint8 flags)
|
||||
{
|
||||
ORDER_INFO* orderInfo;
|
||||
rdpContext* context = update->context;
|
||||
@ -1694,6 +1694,12 @@ void update_recv_primary_order(rdpUpdate* update, STREAM* s, uint8 flags)
|
||||
if (flags & ORDER_TYPE_CHANGE)
|
||||
stream_read_uint8(s, orderInfo->orderType); /* orderType (1 byte) */
|
||||
|
||||
if (orderInfo->orderType >= PRIMARY_DRAWING_ORDER_COUNT)
|
||||
{
|
||||
printf("Invalid Primary Drawing Order (0x%02X)\n", orderInfo->orderType);
|
||||
return false;
|
||||
}
|
||||
|
||||
update_read_field_flags(s, &(orderInfo->fieldFlags), flags,
|
||||
PRIMARY_DRAWING_ORDER_FIELD_BYTES[orderInfo->orderType]);
|
||||
|
||||
@ -1708,10 +1714,7 @@ void update_recv_primary_order(rdpUpdate* update, STREAM* s, uint8 flags)
|
||||
orderInfo->deltaCoordinates = (flags & ORDER_DELTA_COORDINATES) ? true : false;
|
||||
|
||||
#ifdef WITH_DEBUG_ORDERS
|
||||
if (orderInfo->orderType < PRIMARY_DRAWING_ORDER_COUNT)
|
||||
printf("%s Primary Drawing Order (0x%02X)\n", PRIMARY_DRAWING_ORDER_STRINGS[orderInfo->orderType], orderInfo->orderType);
|
||||
else
|
||||
printf("Unknown Primary Drawing Order (0x%02X)\n", orderInfo->orderType);
|
||||
printf("%s Primary Drawing Order (0x%02X)\n", PRIMARY_DRAWING_ORDER_STRINGS[orderInfo->orderType], orderInfo->orderType);
|
||||
#endif
|
||||
|
||||
switch (orderInfo->orderType)
|
||||
@ -1834,6 +1837,8 @@ void update_recv_primary_order(rdpUpdate* update, STREAM* s, uint8 flags)
|
||||
{
|
||||
IFCALL(update->SetBounds, context, NULL);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
void update_recv_secondary_order(rdpUpdate* update, STREAM* s, uint8 flags)
|
||||
@ -2004,7 +2009,7 @@ void update_recv_altsec_order(rdpUpdate* update, STREAM* s, uint8 flags)
|
||||
}
|
||||
}
|
||||
|
||||
void update_recv_order(rdpUpdate* update, STREAM* s)
|
||||
boolean update_recv_order(rdpUpdate* update, STREAM* s)
|
||||
{
|
||||
uint8 controlFlags;
|
||||
|
||||
@ -2015,6 +2020,10 @@ void update_recv_order(rdpUpdate* update, STREAM* s)
|
||||
else if (controlFlags & ORDER_SECONDARY)
|
||||
update_recv_secondary_order(update, s, controlFlags);
|
||||
else
|
||||
update_recv_primary_order(update, s, controlFlags);
|
||||
}
|
||||
{
|
||||
if (!update_recv_primary_order(update, s, controlFlags))
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
@ -184,7 +184,7 @@
|
||||
|
||||
#define CG_GLYPH_UNICODE_PRESENT 0x0010
|
||||
|
||||
void update_recv_order(rdpUpdate* update, STREAM* s);
|
||||
boolean update_recv_order(rdpUpdate* update, STREAM* s);
|
||||
|
||||
void update_read_dstblt_order(STREAM* s, ORDER_INFO* orderInfo, DSTBLT_ORDER* dstblt);
|
||||
void update_read_patblt_order(STREAM* s, ORDER_INFO* orderInfo, PATBLT_ORDER* patblt);
|
||||
|
@ -471,7 +471,7 @@ void rdp_recv_set_error_info_data_pdu(rdpRdp* rdp, STREAM* s)
|
||||
rdp_print_errinfo(rdp->errorInfo);
|
||||
}
|
||||
|
||||
void rdp_recv_data_pdu(rdpRdp* rdp, STREAM* s)
|
||||
boolean rdp_recv_data_pdu(rdpRdp* rdp, STREAM* s)
|
||||
{
|
||||
uint8 type;
|
||||
uint16 length;
|
||||
@ -489,7 +489,8 @@ void rdp_recv_data_pdu(rdpRdp* rdp, STREAM* s)
|
||||
switch (type)
|
||||
{
|
||||
case DATA_PDU_TYPE_UPDATE:
|
||||
update_recv(rdp->update, s);
|
||||
if (!update_recv(rdp->update, s))
|
||||
return false;
|
||||
break;
|
||||
|
||||
case DATA_PDU_TYPE_CONTROL:
|
||||
@ -571,6 +572,8 @@ void rdp_recv_data_pdu(rdpRdp* rdp, STREAM* s)
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
boolean rdp_recv_out_of_sequence_pdu(rdpRdp* rdp, STREAM* s)
|
||||
@ -583,8 +586,7 @@ boolean rdp_recv_out_of_sequence_pdu(rdpRdp* rdp, STREAM* s)
|
||||
|
||||
if (type == PDU_TYPE_DATA)
|
||||
{
|
||||
rdp_recv_data_pdu(rdp, s);
|
||||
return true;
|
||||
return rdp_recv_data_pdu(rdp, s);
|
||||
}
|
||||
else if (type == PDU_TYPE_SERVER_REDIRECTION)
|
||||
{
|
||||
@ -719,7 +721,8 @@ static boolean rdp_recv_tpkt_pdu(rdpRdp* rdp, STREAM* s)
|
||||
switch (pduType)
|
||||
{
|
||||
case PDU_TYPE_DATA:
|
||||
rdp_recv_data_pdu(rdp, s);
|
||||
if (!rdp_recv_data_pdu(rdp, s))
|
||||
return false;
|
||||
break;
|
||||
|
||||
case PDU_TYPE_DEACTIVATE_ALL:
|
||||
|
@ -179,7 +179,7 @@ boolean rdp_send_pdu(rdpRdp* rdp, STREAM* s, uint16 type, uint16 channel_id);
|
||||
|
||||
STREAM* rdp_data_pdu_init(rdpRdp* rdp);
|
||||
boolean rdp_send_data_pdu(rdpRdp* rdp, STREAM* s, uint8 type, uint16 channel_id);
|
||||
void rdp_recv_data_pdu(rdpRdp* rdp, STREAM* s);
|
||||
boolean rdp_recv_data_pdu(rdpRdp* rdp, STREAM* s);
|
||||
|
||||
boolean rdp_send(rdpRdp* rdp, STREAM* s, uint16 channel_id);
|
||||
void rdp_recv(rdpRdp* rdp);
|
||||
|
@ -32,7 +32,7 @@ static const char* const UPDATE_TYPE_STRINGS[] =
|
||||
};
|
||||
*/
|
||||
|
||||
void update_recv_orders(rdpUpdate* update, STREAM* s)
|
||||
boolean update_recv_orders(rdpUpdate* update, STREAM* s)
|
||||
{
|
||||
uint16 numberOrders;
|
||||
|
||||
@ -42,9 +42,12 @@ void update_recv_orders(rdpUpdate* update, STREAM* s)
|
||||
|
||||
while (numberOrders > 0)
|
||||
{
|
||||
update_recv_order(update, s);
|
||||
if (!update_recv_order(update, s))
|
||||
return false;
|
||||
numberOrders--;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
void update_read_bitmap_data(STREAM* s, BITMAP_DATA* bitmap_data)
|
||||
@ -243,7 +246,7 @@ void update_recv_pointer(rdpUpdate* update, STREAM* s)
|
||||
}
|
||||
}
|
||||
|
||||
void update_recv(rdpUpdate* update, STREAM* s)
|
||||
boolean update_recv(rdpUpdate* update, STREAM* s)
|
||||
{
|
||||
uint16 updateType;
|
||||
rdpContext* context = update->context;
|
||||
@ -257,7 +260,11 @@ void update_recv(rdpUpdate* update, STREAM* s)
|
||||
switch (updateType)
|
||||
{
|
||||
case UPDATE_TYPE_ORDERS:
|
||||
update_recv_orders(update, s);
|
||||
if (!update_recv_orders(update, s))
|
||||
{
|
||||
/* XXX: Do we have to call EndPaint? */
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
|
||||
case UPDATE_TYPE_BITMAP:
|
||||
@ -287,10 +294,13 @@ void update_recv(rdpUpdate* update, STREAM* s)
|
||||
rdp_read_share_control_header(s, &length, &pduType, &source);
|
||||
|
||||
if (pduType != PDU_TYPE_DATA)
|
||||
return;
|
||||
return false;
|
||||
|
||||
rdp_recv_data_pdu(update->context->rdp, s);
|
||||
if (!rdp_recv_data_pdu(update->context->rdp, s))
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
void update_reset_state(rdpUpdate* update)
|
||||
|
@ -44,7 +44,7 @@ void update_read_bitmap(rdpUpdate* update, STREAM* s, BITMAP_UPDATE* bitmap_upda
|
||||
void update_read_palette(rdpUpdate* update, STREAM* s, PALETTE_UPDATE* palette_update);
|
||||
void update_recv_play_sound(rdpUpdate* update, STREAM* s);
|
||||
void update_recv_pointer(rdpUpdate* update, STREAM* s);
|
||||
void update_recv(rdpUpdate* update, STREAM* s);
|
||||
boolean update_recv(rdpUpdate* update, STREAM* s);
|
||||
|
||||
void update_read_pointer_position(STREAM* s, POINTER_POSITION_UPDATE* pointer_position);
|
||||
void update_read_pointer_system(STREAM* s, POINTER_SYSTEM_UPDATE* pointer_system);
|
||||
|
Loading…
Reference in New Issue
Block a user