File freerdp-CVE-2021-41159.patch of Package freerdp.27686
From 623a77258a1610b6e37616f4613d1eb793edf4aa Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Fri, 15 Oct 2021 09:09:31 +0200
Subject: [PATCH] Fixed #7363: Length checks in ConvertUTF8toUTF16
---
winpr/libwinpr/crt/utf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/winpr/libwinpr/crt/utf.c b/winpr/libwinpr/crt/utf.c
index 0c6af08c264..781feb070b7 100644
--- a/winpr/libwinpr/crt/utf.c
+++ b/winpr/libwinpr/crt/utf.c
@@ -584,7 +584,7 @@ ConversionResult ConvertUTF8toUTF16(const BYTE** sourceStart, const BYTE* source
ch -= offsetsFromUTF8[extraBytesToRead];
- if ((target >= end) && (!computeLength))
+ if ((target * sizeof(WCHAR) >= end) && (!computeLength))
{
source -= (extraBytesToRead + 1); /* Back up source pointer! */
result = targetExhausted;
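Review bot: The new bound in `if ((target * sizeof(WCHAR) >= end) && (!computeLength))` scales `target` up to meet `end`, which silently relies on `end` being an exact multiple of `sizeof(WCHAR)` and on the product not wrapping; the declarations of both variables are outside this hunk, so this is inferred from the comparison itself. Scaling the limit down instead fails closed in both cases: `if ((target >= end / sizeof(WCHAR)) && (!computeLength))`, and likewise `if ((target + 1 >= end / sizeof(WCHAR)) && (!computeLength))` in the hunk at -635. Converting `end` to WCHAR units once where it is computed would remove the mixed units altogether. ConvertUTF8toUTF16 starts and ends outside the hunk.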
@@ -635,7 +635,7 @@ ConversionResult ConvertUTF8toUTF16(const BYTE** sourceStart, const BYTE* source
else
{
/* target is a character in range 0xFFFF - 0x10FFFF. */
- if ((target + 1 >= end) && (!computeLength))
+ if (((target + 1) * sizeof(WCHAR) >= end) && (!computeLength))
{
source -= (extraBytesToRead + 1); /* Back up source pointer! */
result = targetExhausted;
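Review bot: Nothing in this branch says that the guard must leave room for two WCHARs or that `end` is counted in bytes while `target` is counted in WCHARs, and that unit mismatch looks like the root of the bug fixed here. A comment above the check would keep the next edit from reintroducing it: `/* surrogate pair: needs two WCHARs; target counts WCHARs, end counts bytes */`. The units are inferred from the added multiplication, since the declarations and the writes themselves lie outside the hunk. A regression test that converts a supplementary-plane character into a buffer with room for exactly one WCHAR, expecting `targetExhausted`, would pin the boundary.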