From: Pierre Ossman Date: Tue, 2 Mar 2021 12:16:34 +0000 (+0100) Subject: Fix some incorrect data waits X-Git-Tag: v1.11.90~63 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=daeff52b1e0047ec7f0cd137bc7218f35e81ea20;p=tigervnc.git Fix some incorrect data waits Some of these were incorrectly calculated so the server or client would wait too long before proceeding with decoding. Change all of these to be a more explicit calculation to avoid such issues in the future. --- diff --git a/common/rfb/CMsgReader.cxx b/common/rfb/CMsgReader.cxx index 40fb5912..f69e21de 100644 --- a/common/rfb/CMsgReader.cxx +++ b/common/rfb/CMsgReader.cxx @@ -131,7 +131,7 @@ bool CMsgReader::readMsg() } if (state == MSGSTATE_RECT_HEADER) { - if (!is->hasData(12)) + if (!is->hasData(2 + 2 + 2 + 2 + 4)) return false; int x = is->readU16(); @@ -207,7 +207,7 @@ bool CMsgReader::readMsg() bool CMsgReader::readSetColourMapEntries() { - if (!is->hasData(5)) + if (!is->hasData(1 + 2 + 2)) return false; is->setRestorePoint(); @@ -236,7 +236,7 @@ bool CMsgReader::readBell() bool CMsgReader::readServerCutText() { - if (!is->hasData(7)) + if (!is->hasData(3 + 4)) return false; is->setRestorePoint(); @@ -385,7 +385,7 @@ bool CMsgReader::readFence() rdr::U8 len; char data[64]; - if (!is->hasData(8)) + if (!is->hasData(3 + 4 + 1)) return false; is->setRestorePoint(); @@ -421,7 +421,7 @@ bool CMsgReader::readEndOfContinuousUpdates() bool CMsgReader::readFramebufferUpdate() { - if (!is->hasData(3)) + if (!is->hasData(1 + 2)) return false; is->skip(1); @@ -625,7 +625,7 @@ bool CMsgReader::readSetVMwareCursor(int width, int height, const Point& hotspot rdr::U8 type; - if (!is->hasData(2)) + if (!is->hasData(1 + 1)) return false; type = is->readU8(); @@ -756,7 +756,7 @@ bool CMsgReader::readExtendedDesktopSize(int x, int y, int w, int h) int sx, sy, sw, sh; ScreenSet layout; - if (!is->hasData(4)) + if (!is->hasData(1 + 3)) return false; is->setRestorePoint(); diff --git a/common/rfb/SMsgReader.cxx b/common/rfb/SMsgReader.cxx index 944f9315..63188f21 100644 --- a/common/rfb/SMsgReader.cxx +++ b/common/rfb/SMsgReader.cxx @@ -122,7 +122,7 @@ bool SMsgReader::readSetPixelFormat() bool SMsgReader::readSetEncodings() { - if (!is->hasData(3)) + if (!is->hasData(1 + 2)) return false; is->setRestorePoint(); @@ -152,7 +152,7 @@ bool SMsgReader::readSetDesktopSize() int sx, sy, sw, sh; ScreenSet layout; - if (!is->hasData(7)) + if (!is->hasData(1 + 2 + 2 + 1 + 1)) return true; is->setRestorePoint(); @@ -165,7 +165,7 @@ bool SMsgReader::readSetDesktopSize() screens = is->readU8(); is->skip(1); - if (!is->hasDataOrRestore(screens * 24)) + if (!is->hasDataOrRestore(screens * (4 + 2 + 2 + 2 + 2 + 4))) return false; is->clearRestorePoint(); @@ -187,7 +187,7 @@ bool SMsgReader::readSetDesktopSize() bool SMsgReader::readFramebufferUpdateRequest() { - if (!is->hasData(17)) + if (!is->hasData(1 + 2 + 2 + 2 + 2)) return false; bool inc = is->readU8(); int x = is->readU16(); @@ -203,7 +203,7 @@ bool SMsgReader::readEnableContinuousUpdates() bool enable; int x, y, w, h; - if (!is->hasData(17)) + if (!is->hasData(1 + 2 + 2 + 2 + 2)) return false; enable = is->readU8(); @@ -224,7 +224,7 @@ bool SMsgReader::readFence() rdr::U8 len; char data[64]; - if (!is->hasData(8)) + if (!is->hasData(3 + 4 + 1)) return false; is->setRestorePoint(); @@ -254,7 +254,7 @@ bool SMsgReader::readFence() bool SMsgReader::readKeyEvent() { - if (!is->hasData(7)) + if (!is->hasData(1 + 2 + 4)) return false; bool down = is->readU8(); is->skip(2); @@ -265,7 +265,7 @@ bool SMsgReader::readKeyEvent() bool SMsgReader::readPointerEvent() { - if (!is->hasData(5)) + if (!is->hasData(1 + 2 + 2)) return false; int mask = is->readU8(); int x = is->readU16(); @@ -277,7 +277,7 @@ bool SMsgReader::readPointerEvent() bool SMsgReader::readClientCutText() { - if (!is->hasData(7)) + if (!is->hasData(3 + 4)) return false; is->setRestorePoint(); @@ -452,7 +452,7 @@ bool SMsgReader::readQEMUMessage() bool SMsgReader::readQEMUKeyEvent() { - if (!is->hasData(10)) + if (!is->hasData(2 + 4 + 4)) return false; bool down = is->readU16(); rdr::U32 keysym = is->readU32();