24 lines
846 B
Diff
24 lines
846 B
Diff
--- a/libfreerdp/gdi/graphics.c 2018-08-01 21:27:31.000000000 +0800
|
|
+++ b/libfreerdp/gdi/graphics.c 2019-04-04 18:48:18.411000000 +0800
|
|
@@ -141,11 +141,19 @@ static BOOL gdi_Bitmap_Decompress(rdpCon
|
|
UINT32 SrcSize = length;
|
|
UINT32 SrcFormat;
|
|
rdpGdi* gdi = context->gdi;
|
|
+ UINT32 size = DstWidth * DstHeight;
|
|
bitmap->compressed = FALSE;
|
|
bitmap->format = gdi->dstFormat;
|
|
- bitmap->length = DstWidth * DstHeight * GetBytesPerPixel(bitmap->format);
|
|
bitmap->data = (BYTE*) _aligned_malloc(bitmap->length, 16);
|
|
|
|
+ if ((GetBytesPerPixel(bitmap->format) == 0) ||
|
|
+ (DstWidth == 0) || (DstHeight == 0) || (DstWidth > UINT32_MAX / DstHeight) ||
|
|
+ (size > (UINT32_MAX / GetBytesPerPixel(bitmap->format))))
|
|
+ return FALSE;
|
|
+
|
|
+ size *= GetBytesPerPixel(bitmap->format);
|
|
+ bitmap->length = size;
|
|
+
|
|
if (!bitmap->data)
|
|
return FALSE;
|
|
|