File LibVNCServer-CVE-2018-20020.patch of Package LibVNCServer.15607

Index: libvncserver-LibVNCServer-0.9.10/libvncclient/corre.c
===================================================================
--- libvncserver-LibVNCServer-0.9.10.orig/libvncclient/corre.c	2019-01-03 12:38:57.453896187 +0100
+++ libvncserver-LibVNCServer-0.9.10/libvncclient/corre.c	2019-01-03 12:41:56.546759596 +0100
@@ -48,7 +48,7 @@ HandleCoRREBPP (rfbClient* client, int r
 
     FillRectangle(client, rx, ry, rw, rh, pix);
 
-    if (!ReadFromRFBServer(client, client->buffer, hdr.nSubrects * (4 + (BPP / 8))))
+    if (hdr.nSubrects > RFB_BUFFER_SIZE / (4 + (BPP / 8)) || !ReadFromRFBServer(client, client->buffer, hdr.nSubrects * (4 + (BPP / 8))))
 	return FALSE;
 
     ptr = (uint8_t *)client->buffer;