Mirrored_Repos/LookingGlass
1
0
Fork 0
mirror of https://github.com/gnif/LookingGlass.git synced 2024-11-10 08:38:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[client] main: fix buffer overflow due to cursor data size change

Browse Source
This commit is contained in:
Geoffrey McRae 2021-11-02 01:01:17 +11:00
parent 7075fe2c54
commit a21eee26ab
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
client/src/main.c
View File

@ -305,6 +305,7 @@ int main_cursorThread(void * unused)
LGMP_STATUS status; LGMP_STATUS status;
LG_RendererCursor cursorType = LG_CURSOR_COLOR; LG_RendererCursor cursorType = LG_CURSOR_COLOR;
KVMFRCursor * cursor = NULL; KVMFRCursor * cursor = NULL;
int cursorSize = 0;
lgWaitEvent(e_startup, TIMEOUT_INFINITE); lgWaitEvent(e_startup, TIMEOUT_INFINITE);
@ -377,6 +378,12 @@ int main_cursorThread(void * unused)
break; break;
} }
if (cursor && msg.size > cursorSize)
{
free(cursor);
cursor = NULL;
}
/* copy and release the message ASAP */ /* copy and release the message ASAP */
if (!cursor) if (!cursor)
{ {
@ -387,6 +394,7 @@ int main_cursorThread(void * unused)
g_state.state = APP_STATE_SHUTDOWN; g_state.state = APP_STATE_SHUTDOWN;
break; break;
} }
cursorSize = msg.size;
} }
memcpy(cursor, msg.mem, msg.size); memcpy(cursor, msg.mem, msg.size);