File freerdp-CVE-2018-8787.patch of Package freerdp.6948

From 09b9d4f1994a674c4ec85b4947aa656eda1aed8a Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Mon, 22 Oct 2018 16:30:20 +0200
Subject: [PATCH 4/6] Fixed CVE-2018-8787

Thanks to Eyal Itkin from Check Point Software Technologies.
---
 libfreerdp/gdi/graphics.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

Index: b/libfreerdp/gdi/graphics.c
===================================================================
--- a/libfreerdp/gdi/graphics.c	2019-01-08 20:00:53.343326261 +0800
+++ b/libfreerdp/gdi/graphics.c	2019-01-08 20:06:06.525425389 +0800
@@ -152,7 +152,7 @@ BOOL gdi_Bitmap_Decompress(rdpContext* c
 		BOOL compressed, int codecId)
 {
 	int status;
-	UINT16 size;
+	UINT32 size;
 	BYTE* pSrcData;
 	BYTE* pDstData;
 	UINT32 SrcSize;
@@ -161,8 +161,13 @@ BOOL gdi_Bitmap_Decompress(rdpContext* c
 	rdpGdi* gdi = context->gdi;
 
 	bytesPerPixel = (bpp + 7) / 8;
-	size = width * height * 4;
+	size = width * height;
 
+	if ((width == 0) || (height == 0) || (width > UINT32_MAX / height) ||
+	    (size > UINT32_MAX / 4))
+	    return FALSE;
+
+	size *= 4;
 	bitmap->data = (BYTE*) _aligned_malloc(size, 16);
 
 	pSrcData = data;
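Review bot: The product `size = width * height;` is still computed before the guard that is meant to validate it, and the guard rejects only zero, so its correctness depends on the types of `width` and `height`, which are declared outside this hunk. If they are signed `int` in this backport (to be confirmed against the full signature), large dimensions overflow the multiplication as signed arithmetic before any check runs, and negative values pass the `== 0` tests. Validating first and multiplying afterwards avoids both: `if ((width <= 0) || (height <= 0) || ((UINT32) width > UINT32_MAX / 4 / (UINT32) height)) return FALSE;` followed by `size = (UINT32) width * (UINT32) height * 4;`. The visible context also shows no NULL check directly after `_aligned_malloc`, which matters more now that `size` can approach 4 GiB. The function body continues past the hunk, so such a check may exist further down.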