File LibVNCServer-CVE-2020-14397.patch of Package LibVNCServer.17330
Index: libvncserver-LibVNCServer-0.9.10/libvncserver/rfbregion.c
===================================================================
--- libvncserver-LibVNCServer-0.9.10.orig/libvncserver/rfbregion.c 2014-10-21 17:57:11.000000000 +0200
+++ libvncserver-LibVNCServer-0.9.10/libvncserver/rfbregion.c 2020-07-08 09:11:51.130322073 +0200
@@ -50,24 +50,30 @@ sraSpanDup(const sraSpan *src) {
static void
sraSpanInsertAfter(sraSpan *newspan, sraSpan *after) {
- newspan->_next = after->_next;
- newspan->_prev = after;
- after->_next->_prev = newspan;
- after->_next = newspan;
+ if(newspan && after) {
+ newspan->_next = after->_next;
+ newspan->_prev = after;
+ after->_next->_prev = newspan;
+ after->_next = newspan;
+ }
}
static void
sraSpanInsertBefore(sraSpan *newspan, sraSpan *before) {
- newspan->_next = before;
- newspan->_prev = before->_prev;
- before->_prev->_next = newspan;
- before->_prev = newspan;
+ if(newspan && before) {
+ newspan->_next = before;
+ newspan->_prev = before->_prev;
+ before->_prev->_next = newspan;
+ before->_prev = newspan;
+ }
}
static void
sraSpanRemove(sraSpan *span) {
- span->_prev->_next = span->_next;
- span->_next->_prev = span->_prev;
+ if(span) {
+ span->_prev->_next = span->_next;
+ span->_next->_prev = span->_prev;
+ }
}
static void
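Review bot: The added guards in `sraSpanInsertAfter`, `sraSpanInsertBefore` and `sraSpanRemove` test only the pointer arguments; the neighbour links dereferenced inside each guarded body (`after->_next->_prev`, `before->_prev->_next`, `span->_prev->_next`, `span->_next->_prev`) are still unchecked. If a list's end nodes can carry a NULL `_next` or `_prev` (not visible in this hunk), the same class of NULL dereference remains, so the conditions could be widened to `if(newspan && after && after->_next) {`, `if(newspan && before && before->_prev) {` and `if(span && span->_prev && span->_next) {`. Because all three helpers return void, a skipped insert or remove is invisible to the caller; a span that was allocated but never linked would presumably leak, so the call sites are worth auditing as well.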
Index: libvncserver-LibVNCServer-0.9.10/libvncserver/rfbserver.c
===================================================================
--- libvncserver-LibVNCServer-0.9.10.orig/libvncserver/rfbserver.c 2020-07-08 09:11:51.070321726 +0200
+++ libvncserver-LibVNCServer-0.9.10/libvncserver/rfbserver.c 2020-07-08 09:15:28.887592049 +0200
@@ -215,6 +215,8 @@ rfbClientIteratorHead(rfbClientIteratorP
rfbClientPtr
rfbClientIteratorNext(rfbClientIteratorPtr i)
{
+ if (!i)
+ return NULL;
if(i->next == 0) {
LOCK(rfbClientListMutex);
i->next = i->screen->clientHead;
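Review bot: The early `return NULL` in `rfbClientIteratorNext` makes a NULL iterator indistinguishable from the end of the client list, so a caller holding a NULL iterator silently processes zero clients. That is a safer outcome than a crash, but the guard should say so, e.g. `/* A NULL iterator is treated as an empty client list. */`. If the iterator can be NULL because its creation failed (not shown here), that site is where the error should be logged. The function body continues outside this hunk, and `i->screen` is still dereferenced without a check on the lines shown.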
@@ -239,7 +241,7 @@ rfbClientIteratorNext(rfbClientIteratorP
void
rfbReleaseClientIterator(rfbClientIteratorPtr iterator)
{
- IF_PTHREADS(if(iterator->next) rfbDecrClientRef(iterator->next));
+ IF_PTHREADS(if(iterator && iterator->next) rfbDecrClientRef(iterator->next));
free(iterator);
}