From: Pierre Ossman <ossman@cendio.se>
Date: Thu, 23 Feb 2023 06:19:09 +0000 (+0100)
Subject: Don't parse empty fence messages
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7af69eb4a7a52d6baf4d09f79ccbec76bd1fcee1;p=tigervnc.git

Don't parse empty fence messages

We need to return here or we'll do an out-of-bounds access on the data
array.
---

diff --git a/common/rfb/VNCSConnectionST.cxx b/common/rfb/VNCSConnectionST.cxx
index a40a1a30..d20da8cb 100644
--- a/common/rfb/VNCSConnectionST.cxx
+++ b/common/rfb/VNCSConnectionST.cxx
@@ -706,8 +706,10 @@ void VNCSConnectionST::fence(uint32_t flags, unsigned len, const uint8_t data[])
     return;
   }
 
-  if (len < 1)
+  if (len < 1) {
     vlog.error("Fence response of unexpected size received");
+    return;
+  }
 
   type = data[0];