Overview

File LibVNCServer-CVE-2020-14400.patch of Package LibVNCServer.25862

diff --git a/libvncserver/translate.c b/libvncserver/translate.c
index 7c341c2a..7e6d3d8e 100644
--- a/libvncserver/translate.c
+++ b/libvncserver/translate.c
@@ -360,9 +360,12 @@ rfbSetTranslateFunction(rfbClientPtr cl)
 static rfbBool
 rfbSetClientColourMapBGR233(rfbClientPtr cl)
 {
-    char buf[sz_rfbSetColourMapEntriesMsg + 256 * 3 * 2];
-    rfbSetColourMapEntriesMsg *scme = (rfbSetColourMapEntriesMsg *)buf;
-    uint16_t *rgb = (uint16_t *)(&buf[sz_rfbSetColourMapEntriesMsg]);
+    union {
+        char bytes[sz_rfbSetColourMapEntriesMsg + 256 * 3 * 2];
+        rfbSetColourMapEntriesMsg msg;
+    } buf;
+    rfbSetColourMapEntriesMsg *scme = &buf.msg;
+    uint16_t *rgb = (uint16_t *)(&buf.bytes[sz_rfbSetColourMapEntriesMsg]);
     int i, len;
     int r, g, b;
 
@@ -394,7 +397,7 @@ rfbSetClientColourMapBGR233(rfbClientPtr cl)
 
     len += 256 * 3 * 2;
 
-    if (rfbWriteExact(cl, buf, len) < 0) {
+    if (rfbWriteExact(cl, buf.bytes, len) < 0) {
         rfbLogPerror("rfbSetClientColourMapBGR233: write");
         rfbCloseClient(cl);
         return FALSE;
openSUSE Build Service is sponsored by
Places