File freerdp-CVE-2021-41159.patch of Package freerdp

Overview Repositories Revisions Requests Users Attributes Meta

File freerdp-CVE-2021-41159.patch of Package freerdp

From 623a77258a1610b6e37616f4613d1eb793edf4aa Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Fri, 15 Oct 2021 09:09:31 +0200
Subject: [PATCH] Fixed #7363: Length checks in ConvertUTF8toUTF16

---
 winpr/libwinpr/crt/utf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/winpr/libwinpr/crt/utf.c b/winpr/libwinpr/crt/utf.c
index 0c6af08c264..781feb070b7 100644
--- a/winpr/libwinpr/crt/utf.c
+++ b/winpr/libwinpr/crt/utf.c
@@ -584,7 +584,7 @@ ConversionResult ConvertUTF8toUTF16(const BYTE** sourceStart, const BYTE* source
 
 		ch -= offsetsFromUTF8[extraBytesToRead];
 
-		if ((target >= end) && (!computeLength))
+		if ((target * sizeof(WCHAR) >= end) && (!computeLength))
 		{
 			source -= (extraBytesToRead + 1); /* Back up source pointer! */
 			result = targetExhausted;
@@ -635,7 +635,7 @@ ConversionResult ConvertUTF8toUTF16(const BYTE** sourceStart, const BYTE* source
 		else
 		{
 			/* target is a character in range 0xFFFF - 0x10FFFF. */
-			if ((target + 1 >= end) && (!computeLength))
+			if (((target + 1) * sizeof(WCHAR) >= end) && (!computeLength))
 			{
 				source -= (extraBytesToRead + 1); /* Back up source pointer! */
 				result = targetExhausted;

Places

File freerdp-CVE-2021-41159.patch of Package freerdp

Places