Skip to content

Commit

Permalink
Fix #6010: Check length in read_icon_info
Browse files Browse the repository at this point in the history
  • Loading branch information
@akallabeth
akallabeth committed Apr 2, 2020
1 parent 67c2aa5 commit 6b2bc41
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions libfreerdp/core/window.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -136,9 +136,6 @@ static BOOL update_read_icon_info(wStream* s, ICON_INFO* iconInfo)
Stream_Read_UINT16(s, iconInfo->cbBitsMask); /* cbBitsMask (2 bytes) */
Stream_Read_UINT16(s, iconInfo->cbBitsColor); /* cbBitsColor (2 bytes) */

if (Stream_GetRemainingLength(s) < iconInfo->cbBitsMask + iconInfo->cbBitsColor)
return FALSE;

/* bitsMask */
newBitMask = (BYTE*)realloc(iconInfo->bitsMask, iconInfo->cbBitsMask);

Expand All @@ -150,6 +147,8 @@ static BOOL update_read_icon_info(wStream* s, ICON_INFO* iconInfo)
}

iconInfo->bitsMask = newBitMask;
if (Stream_GetRemainingLength(s) < iconInfo->cbBitsMask)
return FALSE;
Stream_Read(s, iconInfo->bitsMask, iconInfo->cbBitsMask);

/* colorTable */
Expand Down Expand Up @@ -184,7 +183,11 @@ static BOOL update_read_icon_info(wStream* s, ICON_INFO* iconInfo)
}

if (iconInfo->colorTable)
{
if (Stream_GetRemainingLength(s) < iconInfo->cbColorTable)
return FALSE;
Stream_Read(s, iconInfo->colorTable, iconInfo->cbColorTable);
}

/* bitsColor */
newBitMask = (BYTE*)realloc(iconInfo->bitsColor, iconInfo->cbBitsColor);
Expand All @@ -197,6 +200,8 @@ static BOOL update_read_icon_info(wStream* s, ICON_INFO* iconInfo)
}

iconInfo->bitsColor = newBitMask;
if (Stream_GetRemainingLength(s) < iconInfo->cbBitsColor)
return FALSE;
Stream_Read(s, iconInfo->bitsColor, iconInfo->cbBitsColor);
return TRUE;
}
Expand Down

0 comments on commit 6b2bc41

Please sign in to comment.