]> source.dussan.org Git - tigervnc.git/commit
projects / tigervnc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2473c72) | patch
Handle empty Tight gradient rects
authorPierre Ossman <ossman@cendio.se>
Tue, 10 Sep 2019 13:36:42 +0000 (15:36 +0200)
committerPierre Ossman <ossman@cendio.se>
Fri, 20 Dec 2019 06:29:00 +0000 (07:29 +0100)
commit46c081926efd83c90a45c0a96b1b5bc1927e1346
tree25493326fd7e5e6051a6568cc3bd66fec3424b9etree | snapshot
parent2473c72ddc5723bcbbcb172bb5a64cddcdf68935commit | diff
Handle empty Tight gradient rects

We always assumed there would be one pixel per row so a rect with
a zero width would result in us writing to unknown memory.

This could theoretically be used by a malicious server to inject
code in to the viewer process.

Issue found by Pavel Cheremushkin from Kaspersky Lab.

(cherry picked from commit b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95)
common/rfb/tightDecode.h diff | blob | history
High performance, multi-platform VNC client and server: https://github.com/TigerVNC/tigervnc