static void update_read_synchronize(rdpUpdate* update, wStream* s)
{
WINPR_UNUSED(update);
Stream_Seek_UINT16(s); /* pad2Octets (2 bytes) */
/**
* The Synchronize Update is an artifact from the
* T.128 protocol and should be ignored.
*/
}
the code just seek the stream pointer without check stream's length, it could lead _s->pointer - _s->buffer > _s->length
Then the check in other functions could fail, and could lead out of bounds read later.
The text was updated successfully, but these errors were encountered:
hac425xxx
changed the title
stream out of bounds seek in update_read_synchronize could lead out of bounds read after
stream out of bounds seek in update_read_synchronize could lead out of bounds read later
Mar 31, 2020
version
vuln code
the code just seek the stream pointer without check stream's length, it could lead
_s->pointer - _s->buffer > _s->lengthThen the check in other functions could fail, and could lead out of bounds read later.
The text was updated successfully, but these errors were encountered: