From: Pierre Ossman Date: Thu, 23 Feb 2023 06:19:09 +0000 (+0100) Subject: Don't parse empty fence messages X-Git-Tag: v1.14.1~21 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=4b859cae706af8e59671f8105be17a4436d7ba34;p=tigervnc.git Don't parse empty fence messages We need to return here or we'll do an out-of-bounds access on the data array. (cherry picked from commit 7af69eb4a7a52d6baf4d09f79ccbec76bd1fcee1) --- diff --git a/common/rfb/VNCSConnectionST.cxx b/common/rfb/VNCSConnectionST.cxx index 306bba1d..75874495 100644 --- a/common/rfb/VNCSConnectionST.cxx +++ b/common/rfb/VNCSConnectionST.cxx @@ -706,8 +706,10 @@ void VNCSConnectionST::fence(uint32_t flags, unsigned len, const uint8_t data[]) return; } - if (len < 1) + if (len < 1) { vlog.error("Fence response of unexpected size received"); + return; + } type = data[0];