Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fixed Out-of-bound read in glyph_cache_put
CVE-2020-11098 thanks to @antonio-morales for finding this.
  • Loading branch information
akallabeth committed Jun 22, 2020
1 parent 6ade7b4 commit c0fd449
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion libfreerdp/cache/glyph.c
Expand Up @@ -579,7 +579,7 @@ BOOL glyph_cache_put(rdpGlyphCache* glyphCache, UINT32 id, UINT32 index, rdpGlyp
return FALSE;
}

if (index > glyphCache->glyphCache[id].number)
if (index >= glyphCache->glyphCache[id].number)
{
WLog_ERR(TAG, "invalid glyph cache index: %" PRIu32 " in cache id: %" PRIu32 "", index, id);
return FALSE;
Expand Down

2 comments on commit c0fd449

@tcullum-rh
Copy link

@tcullum-rh tcullum-rh commented on c0fd449 Jul 9, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@akallabeth re "Do not enable glyph-cache (default)" from GHSA, does this mean that glyph-cache is disabled or enabled by default? Just want to clarify that thanks.

@akallabeth
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tcullum-rh as glyph cache is nowadays kind of useless anyway it is disabled (and has been for a long time) due to drawing issues.

Please sign in to comment.