[Tigervnc-commits] SF.net SVN: tigervnc:[5163] branches/1_3/common/rfb/zrleDecode.h

Wed, 19 Mar 2014 05:07:09 -0700 

Revision: 5163
          http://sourceforge.net/p/tigervnc/code/5163
Author:   ossman_
Date:     2014-03-19 12:06:24 +0000 (Wed, 19 Mar 2014)
Log Message:
-----------
The ZRLE decoder relied on an assert() for boundary checks. A default
Release build however will remove all asserts making it possible to
overrun this buffer. This could be exploited by a malicious server.
This issue has been assigned CVE-2014-0011.

Modified Paths:
--------------
    branches/1_3/common/rfb/zrleDecode.h

Modified: branches/1_3/common/rfb/zrleDecode.h
===================================================================
--- branches/1_3/common/rfb/zrleDecode.h        2014-02-24 10:21:29 UTC (rev 
5162)
+++ branches/1_3/common/rfb/zrleDecode.h        2014-03-19 12:06:24 UTC (rev 
5163)
@@ -25,9 +25,10 @@
 // FILL_RECT          - fill a rectangle with a single colour
 // IMAGE_RECT         - draw a rectangle of pixel data from a buffer
 
+#include <stdio.h>
 #include <rdr/InStream.h>
 #include <rdr/ZlibInStream.h>
-#include <assert.h>
+#include <rfb/Exception.h>
 
 namespace rfb {
 
@@ -143,7 +144,10 @@
               len += b;
             } while (b == 255);
 
-            assert(len <= end - ptr);
+            if (end - ptr < len) {
+              fprintf (stderr, "ZRLE decode error\n");
+              throw Exception ("ZRLE decode error");
+            }
 
 #ifdef FAVOUR_FILL_RECT
             int i = ptr - buf;
@@ -193,7 +197,10 @@
                 len += b;
               } while (b == 255);
 
-              assert(len <= end - ptr);
+              if (end - ptr < len) {
+                fprintf (stderr, "ZRLE decode error\n");
+                throw Exception ("ZRLE decode error");
+              }
             }
 
             index &= 127;

This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.


------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
Tigervnc-commits mailing list
Tigervnc-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-commits

Reply via email to