mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[core,update] fix missing plausibility check

Browse Source 
abort parsing of cache brush if not enough data is available.
This commit is contained in:
akallabeth 2024-04-22 09:35:52 +02:00 committed by akallabeth
parent 626d10a94a
commit cb15c1c78a
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libfreerdp/core/update.c
View File

@ -2031,7 +2031,9 @@ static BOOL update_send_cache_brush(rdpContext* context, const CACHE_BRUSH_ORDER
return FALSE;
const size_t em = Stream_GetPosition(s);
WINPR_ASSERT(em > bm + 13);
if (em <= bm + 13)
return FALSE;
const size_t orderLength = (em - bm) - 13;
WINPR_ASSERT(orderLength <= UINT16_MAX);
Stream_SetPosition(s, bm);