github/FreeRDP
7
0
Fork 0
mirror of https://github.com/FreeRDP/FreeRDP.git synced 2025-06-03 00:00:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added missing GFX sanity check

Browse Source
This commit is contained in:
Armin Novak 2021-06-28 12:28:50 +02:00 committed by akallabeth
parent a2cf4f591e
commit e5eb6368e5
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libfreerdp/gdi/gfx.c
View File

@ -60,6 +60,7 @@ static BOOL is_within_surface(const gdiGfxSurface* surface, const RDPGFX_SURFACE
surface->height); surface->height);
return FALSE; return FALSE;
} }
return TRUE; return TRUE;
} }
@ -275,6 +276,8 @@ static UINT gdi_SurfaceCommand_Uncompressed(rdpGdi* gdi, RdpgfxClientContext* co
UINT status = CHANNEL_RC_OK; UINT status = CHANNEL_RC_OK;
gdiGfxSurface* surface; gdiGfxSurface* surface;
RECTANGLE_16 invalidRect; RECTANGLE_16 invalidRect;
DWORD bpp;
size_t size;
surface = (gdiGfxSurface*)context->GetSurfaceData(context, cmd->surfaceId); surface = (gdiGfxSurface*)context->GetSurfaceData(context, cmd->surfaceId);
if (!surface) if (!surface)
@ -287,6 +290,15 @@ static UINT gdi_SurfaceCommand_Uncompressed(rdpGdi* gdi, RdpgfxClientContext* co
if (!is_within_surface(surface, cmd)) if (!is_within_surface(surface, cmd))
return ERROR_INVALID_DATA; return ERROR_INVALID_DATA;
bpp = GetBytesPerPixel(cmd->format);
size = bpp * cmd->width * cmd->height * 1ULL;
if (cmd->length < size)
{
WLog_ERR(TAG, "%s: Not enough data, got %" PRIu32 ", expected %" PRIuz, __FUNCTION__,
cmd->length, size);
return ERROR_INVALID_DATA;
}
if (!freerdp_image_copy(surface->data, surface->format, surface->scanline, cmd->left, cmd->top, if (!freerdp_image_copy(surface->data, surface->format, surface->scanline, cmd->left, cmd->top,
cmd->width, cmd->height, cmd->data, cmd->format, 0, 0, 0, NULL, cmd->width, cmd->height, cmd->data, cmd->format, 0, 0, 0, NULL,
FREERDP_FLIP_NONE)) FREERDP_FLIP_NONE))