mirrors
/
FreeRDP
mirror of https://github.com/FreeRDP/FreeRDP
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix CVE-2020-11524: out of bounds access in interleaved 

Thanks to Sunglin and HuanGMz from Knownsec 404
This commit is contained in:
akallabeth 2020-03-30 18:05:17 +02:00 committed by akallabeth
parent e075f348d2
commit 7b1d4b4939
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libfreerdp/codec/include/bitmap.c
View File

@ -334,6 +334,9 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, BY
case MEGA_MEGA_COLOR_IMAGE:
runLength = ExtractRunLength(code, pbSrc, &advance);
pbSrc = pbSrc + advance;
if (!ENSURE_CAPACITY(pbDest, pbDestEnd, runLength))
return FALSE;
UNROLL(runLength, {
SRCREADPIXEL(temp, pbSrc);
SRCNEXTPIXEL(pbSrc);

2
libfreerdp/codec/interleaved.c
View File

@ -215,7 +215,7 @@ static INLINE BOOL ensure_capacity(const BYTE* start, const BYTE* end, size_t si
{
const size_t available = (uintptr_t)end - (uintptr_t)start;
const BOOL rc = available >= size * base;
return rc;
return rc && (start <= end);
}
static INLINE void write_pixel_8(BYTE* _buf, BYTE _pix)