It fixes CVE-2026-26986, CVE-2026-27951, CVE-2026-29775, CVE-2026-31884, CVE-2026-31883, CVE-2026-31885, and CVE-2026-33985. Resolves: RHEL-159806, RHEL-155468, RHEL-161037, RHEL-161472 Resolves: RHEL-161508, RHEL-161075, RHEL-167794 Made-with: Cursor
From 23320a6d5f2e1c8a9b7d6f4e3c2a1b0987654321 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Tue, 28 Apr 2026 04:25:58 +0000
Subject: [PATCH] [cache,bitmap] initialize overallocated bitmap cache extra
slot
Backport of commit 8270e0bb3d6726c947d57c93ba9caa92a052b557.
Adjusted hunk offsets for 2.11.7.
Made-with: Cursor
---
libfreerdp/cache/bitmap.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/libfreerdp/cache/bitmap.c b/libfreerdp/cache/bitmap.c
index b8a4f21..23320a6 100644
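--- a/libfreerdp/cache/bitmap.c
+++ b/libfreerdp/cache/bitmap.c
@@ -303,6 +303,19 @@ rdpBitmapCache* bitmap_cache_new(rdpSettings* settings)
 cell->number = nr;
 }
 
+ /* initialize the overallocated extra slot for old RDP servers that send
+ * cacheId == maxCells; use a minimal allocation since no protocol-negotiated
+ * capacity exists for this slot */
+ {
+ BITMAP_V2_CELL* extra = &bitmapCache->cells[bitmapCache->maxCells];
+ /* allocate an extra entry for BITMAP_CACHE_WAITING_LIST_INDEX */
+ extra->entries = (rdpBitmap**)calloc(1, sizeof(rdpBitmap*));
+
+ if (!extra->entries)
+ goto fail;
+ extra->number = 0;
+ }
+
 return bitmapCache;
 fail:
 
@@ -315,7 +328,8 @@ void bitmap_cache_free(rdpBitmapCache* bitmapCache)
 if (bitmapCache)
 {
 UINT32 i;
- for (i = 0; i < bitmapCache->maxCells; i++)
+ /* iterate through maxCells + 1 to also free the overallocated extra slot */
+ for (i = 0; i <= bitmapCache->maxCells; i++)
 {
 UINT32 j;
 BITMAP_V2_CELL* cell = &bitmapCache->cells[i];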
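Review bot: Both hunks index `bitmapCache->cells[bitmapCache->maxCells]` (the `extra` pointer in bitmap_cache_new and the `i <= bitmapCache->maxCells` loop in bitmap_cache_free), which is in bounds only if `cells` was allocated with `maxCells + 1` elements. That allocation is in neither hunk, and since this is a backport with adjusted offsets it should be confirmed that the 2.11.7 tree carries the over-allocation; without it the new code writes and reads one element past the heap array. The free loop now also runs at least once when `maxCells` is 0 and when it is reached through `fail:` before the cells are populated, so unless code outside the hunk already does this, a NULL check on `bitmapCache->cells` before the loop and `if (!cell->entries) continue;` at the top of its body are needed. Both function bodies start and end outside the visible hunks, so these points are to be checked against the full file.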
--
2.53.0