
Fixed CVE-2018-8787

Thanks to Eyal Itkin from Check Point Software Technologies.
akallabeth committed Oct 22, 2018
1 parent 445a5a4 commit 09b9d4f1994a674c4ec85b4947aa656eda1aed8a
Showing with 9 additions and 1 deletion.
  1. +9 −1 libfreerdp/gdi/graphics.c
@@ -141,9 +141,17 @@ static BOOL gdi_Bitmap_Decompress(rdpContext* context, rdpBitmap* bitmap,
{
UINT32 SrcSize = length;
rdpGdi* gdi = context->gdi;
UINT32 size = DstWidth * DstHeight;
bitmap->compressed = FALSE;
bitmap->format = gdi->dstFormat;
bitmap->length = DstWidth * DstHeight * GetBytesPerPixel(bitmap->format);
if ((GetBytesPerPixel(bitmap->format) == 0) ||
(DstWidth == 0) || (DstHeight == 0) || (DstWidth > UINT32_MAX / DstHeight) ||
(size > (UINT32_MAX / GetBytesPerPixel(bitmap->format))))
return FALSE;
size *= GetBytesPerPixel(bitmap->format);
bitmap->length = size;
bitmap->data = (BYTE*) _aligned_malloc(bitmap->length, 16);
if (!bitmap->data)
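Review bot: `size` is initialised to `DstWidth * DstHeight` before anything has been validated, so it may hold a wrapped product, and the guard is only sound because `(DstWidth > UINT32_MAX / DstHeight)` sits ahead of the `size > ...` term in the `||` chain and short-circuits. That ordering dependency deserves a comment above the `if`, for example `/* order matters: the DstWidth/DstHeight test must precede any use of size, which may have wrapped */`, or the product can be assigned only after the guard has passed. The declarations of DstWidth and DstHeight are outside the hunk; the check presumes both are UINT32, which should be confirmed against the full signature. The early `return FALSE` also comes after `bitmap->compressed` and `bitmap->format` have been written, so a rejected bitmap is left partly updated; whether any caller depends on that is not visible here. The function body continues past the end of the hunk.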
