File freerdp-CVE-2024-22211.patch of Package freerdp.33722
From 1e4d1a5545ac902c44534eb9ea415c5bf714661a Mon Sep 17 00:00:00 2001
From: Armin Novak <anovak@thincast.com>
Date: Sat, 13 Jan 2024 21:01:55 +0100
Subject: [PATCH] [codec,planar] check resolution for overflow

If the codec resolution is too large return an error as the internal buffers would otherwise overflow.

(cherry picked from commit 44edab1deae4f8c901c00a00683f888cef36d853)
---
 libfreerdp/codec/planar.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
index 2a0861678..0697fcd4c 100644
--- a/libfreerdp/codec/planar.c
+++ b/libfreerdp/codec/planar.c
@@ -1395,7 +1395,13 @@ BOOL freerdp_bitmap_planar_context_reset(BITMAP_PLANAR_CONTEXT* context, UINT32
 context->maxWidth = width;
 context->maxHeight = height;
- context->maxPlaneSize = context->maxWidth * context->maxHeight;
+ const UINT64 tmp = (UINT64)context->maxWidth * context->maxHeight;
+ if (tmp > UINT32_MAX)
+ return FALSE;
+ context->maxPlaneSize = tmp;
+
+ if (context->maxWidth > UINT32_MAX / 4)
+ return FALSE;
 context->nTempStep = context->maxWidth * 4;
 free(context->planesBuffer);
 free(context->pTempData);
-- 
2.43.2
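Review bot: Both new `return FALSE` paths leave the context half-updated: `context->maxWidth` and `context->maxHeight` already hold the rejected values, while `maxPlaneSize`, `nTempStep` and the two buffers still describe the previous resolution. If any caller ignores the return value (callers are not visible here), later bounds checks against `maxWidth`/`maxHeight` could pass for sizes the existing buffers cannot hold, which is the condition this fix is meant to rule out. Validating `width` and `height` before any field is written keeps a failed reset from changing the context, as in the excerpt below. The function starts and ends outside the hunk, so the allocations that follow the `free()` calls are not reviewed here.

```c
	/* Validate the requested resolution before touching the context,
	 * so a rejected reset leaves the previous state intact. */
	const UINT64 tmp = (UINT64)width * height;
	if ((tmp > UINT32_MAX) || (width > UINT32_MAX / 4))
		return FALSE;

	context->maxWidth = width;
	context->maxHeight = height;
	context->maxPlaneSize = tmp;
	context->nTempStep = context->maxWidth * 4;
	/* … unchanged: free() of planesBuffer and pTempData … */
```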




