[cache,pointer] Fixed cache size checks

PointerCache and ColorPointerCache can be of different size
akallabeth 2022-11-22 15:16:51 +01:00 committed by akallabeth
parent 97fd183d39
commit 6e82adea17
2 changed files with 28 additions and 14 deletions


@ -32,7 +32,8 @@
#define TAG FREERDP_TAG("cache.pointer")
static BOOL pointer_cache_put(rdpPointerCache* pointer_cache, UINT32 index, rdpPointer* pointer);
static BOOL pointer_cache_put(rdpPointerCache* pointer_cache, UINT32 index, rdpPointer* pointer,
BOOL colorCache);
static rdpPointer* pointer_cache_get(rdpPointerCache* pointer_cache, UINT32 index);
static void pointer_free(rdpContext* context, rdpPointer* pointer)
@ -163,7 +164,7 @@ static BOOL update_pointer_color(rdpContext* context, const POINTER_COLOR_UPDATE
if (!IFCALLRESULT(TRUE, pointer->New, context, pointer))
goto out_fail;
if (!pointer_cache_put(cache->pointer, pointer_color->cacheIndex, pointer))
if (!pointer_cache_put(cache->pointer, pointer_color->cacheIndex, pointer, TRUE))
goto out_fail;
if (!IFCALLRESULT(TRUE, pointer->Set, context, pointer))
@ -203,7 +204,7 @@ static BOOL update_pointer_large(rdpContext* context, const POINTER_LARGE_UPDATE
if (!IFCALLRESULT(TRUE, pointer->New, context, pointer))
goto out_fail;
if (!pointer_cache_put(cache->pointer, pointer_large->cacheIndex, pointer))
if (!pointer_cache_put(cache->pointer, pointer_large->cacheIndex, pointer, FALSE))
goto out_fail;
if (!IFCALLRESULT(TRUE, pointer->Set, context, pointer))
@ -242,7 +243,7 @@ static BOOL update_pointer_new(rdpContext* context, const POINTER_NEW_UPDATE* po
if (!IFCALLRESULT(TRUE, pointer->New, context, pointer))
goto out_fail;
if (!pointer_cache_put(cache->pointer, pointer_new->colorPtrAttr.cacheIndex, pointer))
if (!pointer_cache_put(cache->pointer, pointer_new->colorPtrAttr.cacheIndex, pointer, FALSE))
goto out_fail;
if (!IFCALLRESULT(TRUE, pointer->Set, context, pointer))
@ -290,16 +291,22 @@ rdpPointer* pointer_cache_get(rdpPointerCache* pointer_cache, UINT32 index)
return pointer;
}
BOOL pointer_cache_put(rdpPointerCache* pointer_cache, UINT32 index, rdpPointer* pointer)
BOOL pointer_cache_put(rdpPointerCache* pointer_cache, UINT32 index, rdpPointer* pointer,
BOOL colorCache)
{
rdpPointer* prevPointer;
const size_t id = colorCache ? FreeRDP_ColorPointerCacheSize : FreeRDP_PointerCacheSize;
WINPR_ASSERT(pointer_cache);
WINPR_ASSERT(pointer_cache->context);
if (index >= pointer_cache->cacheSize)
const UINT32 size = freerdp_settings_get_uint32(pointer_cache->context->settings, id);
if ((index >= pointer_cache->cacheSize) || (index >= size))
{
WLog_ERR(TAG, "invalid pointer index:%" PRIu32 " [%" PRIu32 "]", index,
pointer_cache->cacheSize);
WLog_ERR(TAG,
"invalid pointer index:%" PRIu32 " [allocated %" PRIu32 ", %s size %" PRIu32 "]",
index, pointer_cache->cacheSize,
colorCache ? "color-pointer-cache" : "pointer-cache", size);
return FALSE;
}
@ -350,7 +357,10 @@ rdpPointerCache* pointer_cache_new(rdpContext* context)
/* seen invalid pointer cache requests by mstsc (off by 1) so we ensure the cache entry size
* matches */
pointer_cache->cacheSize = freerdp_settings_get_uint32(settings, FreeRDP_PointerCacheSize) + 1;
const UINT32 size = freerdp_settings_get_uint32(settings, FreeRDP_PointerCacheSize);
const UINT32 colorSize = freerdp_settings_get_uint32(settings, FreeRDP_ColorPointerCacheSize);
pointer_cache->cacheSize = MAX(size, colorSize) + 1;
pointer_cache->entries = (rdpPointer**)calloc(pointer_cache->cacheSize, sizeof(rdpPointer*));
if (!pointer_cache->entries)
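Review bot: The new `index >= size` test in pointer_cache_put rejects `index == size`, while pointer_cache_new still allocates `MAX(size, colorSize) + 1` entries under a comment saying the extra slot is there to tolerate off-by-one indices from a peer. As written, put can no longer fill that spare slot, so either the comment in pointer_cache_new is stale or the per-cache limit was meant to keep the same slack; a comment above the check would settle it, for example `/* cacheSize bounds the allocation; size is the negotiated limit for this cache type */`. The `index >= pointer_cache->cacheSize` half must stay in any case, because it is the only bound tied to the calloc'd array, and the settings value is re-read on each call and may differ from the one used at allocation time. Only the tail of pointer_cache_get is visible here, so I cannot tell whether lookups apply the same per-cache limit.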


@ -1079,6 +1079,7 @@ static BOOL rdp_apply_pointer_capability_set(rdpSettings* settings, const rdpSet
settings->ColorPointerFlag = FALSE;
settings->PointerCacheSize = src->PointerCacheSize;
settings->ColorPointerCacheSize = src->ColorPointerCacheSize;
return TRUE;
}
@ -1093,8 +1094,8 @@ static BOOL rdp_apply_pointer_capability_set(rdpSettings* settings, const rdpSet
static BOOL rdp_read_pointer_capability_set(wStream* s, rdpSettings* settings)
{
UINT16 colorPointerFlag;
UINT16 colorPointerCacheSize;
UINT16 colorPointerFlag = 0;
UINT16 colorPointerCacheSize = 0;
UINT16 pointerCacheSize = 0;
if (!Stream_CheckAndLogRequiredLength(TAG, s, 4))
@ -1109,7 +1110,8 @@ static BOOL rdp_read_pointer_capability_set(wStream* s, rdpSettings* settings)
WINPR_ASSERT(settings);
settings->ColorPointerFlag = colorPointerFlag;
settings->PointerCacheSize = MAX(pointerCacheSize, colorPointerCacheSize);
settings->PointerCacheSize = pointerCacheSize;
settings->ColorPointerCacheSize = colorPointerCacheSize;
return TRUE;
}
@ -1134,12 +1136,14 @@ static BOOL rdp_write_pointer_capability_set(wStream* s, const rdpSettings* sett
return FALSE;
if (settings->PointerCacheSize > UINT16_MAX)
return FALSE;
if (settings->ColorPointerCacheSize > UINT16_MAX)
return FALSE;
WINPR_ASSERT(settings);
colorPointerFlag = (settings->ColorPointerFlag) ? 1 : 0;
Stream_Write_UINT16(s, colorPointerFlag); /* colorPointerFlag (2 bytes) */
Stream_Write_UINT16(s,
(UINT16)settings->PointerCacheSize); /* colorPointerCacheSize (2 bytes) */
Stream_Write_UINT16(
s, (UINT16)settings->ColorPointerCacheSize); /* colorPointerCacheSize (2 bytes) */
if (settings->LargePointerFlag)
{
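Review bot: In rdp_write_pointer_capability_set the added `if (settings->ColorPointerCacheSize > UINT16_MAX)` check dereferences `settings` before `WINPR_ASSERT(settings);` runs, as the existing PointerCacheSize check already did, so the assert cannot catch a NULL argument. Move `WINPR_ASSERT(settings);` above the first range check; the function starts outside this hunk, so it should also precede any earlier use. In rdp_read_pointer_capability_set, dropping the `MAX(...)` appears to mean that a peer omitting pointerCacheSize now leaves `settings->PointerCacheSize` at 0. That looks intended, but a comment such as `/* pointerCacheSize is optional; when absent it stays 0 */` would record it. The parsing between the length check and the assignments is not visible, so this needs confirming.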