de7100b6f1
It fixes CVE-2026-33984 and CVE-2026-33983. Resolves: RHEL-162949, RHEL-162965 Made-with: Cursor
36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
From a2dde6d9832cb032e8cf12cab3da84dafbab9006 Mon Sep 17 00:00:00 2001
|
|
From: Ondrej Holy <oholy@redhat.com>
|
|
Date: Fri, 10 Apr 2026 11:32:09 +0200
|
|
Subject: [PATCH] [codec,clear] update CLEAR_VBAR_ENTRY::size after alloc
|
|
|
|
Backport of commit a2dde6d9832cb032e8cf12cab3da84dafbab9006.
|
|
|
|
Made-with: Cursor
|
|
---
|
|
libfreerdp/codec/clear.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/libfreerdp/codec/clear.c b/libfreerdp/codec/clear.c
|
|
index e38fa0d..eda30ad 100644
|
|
--- a/libfreerdp/codec/clear.c
|
|
+++ b/libfreerdp/codec/clear.c
|
|
@@ -565,7 +565,6 @@ static BOOL resize_vbar_entry(CLEAR_CONTEXT* clear, CLEAR_VBAR_ENTRY* vBarEntry)
|
|
const UINT32 oldPos = vBarEntry->size * bpp;
|
|
const UINT32 diffSize = (vBarEntry->count - vBarEntry->size) * bpp;
|
|
BYTE* tmp;
|
|
- vBarEntry->size = vBarEntry->count;
|
|
tmp = (BYTE*)realloc(vBarEntry->pixels, 1ull * vBarEntry->count * bpp);
|
|
|
|
if (!tmp)
|
|
@@ -576,6 +575,7 @@ static BOOL resize_vbar_entry(CLEAR_CONTEXT* clear, CLEAR_VBAR_ENTRY* vBarEntry)
|
|
|
|
memset(&tmp[oldPos], 0, diffSize);
|
|
vBarEntry->pixels = tmp;
|
|
+ vBarEntry->size = vBarEntry->count;
|
|
}
|
|
|
|
if (!vBarEntry->pixels && vBarEntry->size)
|
|
--
|
|
2.49.0
|
|
|