freerdp/codec-planar-fix-decoder-length-checks.patch
Ondrej Holy 3e697dcce9 Backport several CVE fixes
It fixes CVE-2026-23530, CVE-2026-23531, CVE-2026-23532, CVE-2026-23533,
CVE-2026-23534, CVE-2026-23883 and CVE-2026-23884.

Resolves: RHEL-142417, RHEL-142401, RHEL-142385, RHEL-142369, RHEL-142353
Resolves: RHEL-142337, RHEL-142321
2026-01-28 10:18:17 +01:00

From 2d656eb6b29a68de7f19e8a1cce169259e7506b4 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Tue, 27 Jan 2026 14:35:43 +0100
Subject: [PATCH] [codec,planar] fix decoder length checks
Backport of commit 1bab198a2edd0d0e6e1627d21a433151ea190.
Co-Authored-By: Claude <noreply@anthropic.com>
---
libfreerdp/codec/planar.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
index fe27011e1..1cb2e22bc 100644
--- a/libfreerdp/codec/planar.c
+++ b/libfreerdp/codec/planar.c
@@ -616,6 +616,11 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
WINPR_ASSERT(planar);
WINPR_ASSERT(prims);
+ if (planar->maxWidth < nSrcWidth)
+ return FALSE;
+ if (planar->maxHeight < nSrcHeight)
+ return FALSE;
+
if (nDstStep <= 0)
nDstStep = nDstWidth * GetBytesPerPixel(DstFormat);
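Review bot: The two new early returns at the top of planar_decompress (`planar->maxWidth < nSrcWidth` and `planar->maxHeight < nSrcHeight`) fail silently, so a bitmap rejected for exceeding the context limits looks the same to the caller as any other decode failure. Consider logging the offending source dimensions alongside the context limits before each `return FALSE;`, and add a one-line comment saying what maxWidth/maxHeight bound, since the hunk itself does not show which buffers depend on them. The patch message also does not name which of the CVEs listed in the backport commit this change addresses; stating it would make the backport easier to audit.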
--
2.52.0