From e97da59a763339d37a74da6326d9045ce73a02d4 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Sat, 23 May 2020 12:17:55 +0200
Subject: [PATCH] Reject too large screen resize requests

We'll just crash later if we try to use such a large screen, so reject
the request from the client instead and keep the server running.
---
 common/rfb/VNCServerST.cxx | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/common/rfb/VNCServerST.cxx b/common/rfb/VNCServerST.cxx
index b3cc7a1f..8329bb23 100644
--- a/common/rfb/VNCServerST.cxx
+++ b/common/rfb/VNCServerST.cxx
@@ -527,6 +527,11 @@ unsigned int VNCServerST::setDesktopSize(VNCSConnectionST* requester,
   unsigned int result;
   std::list<VNCSConnectionST*>::iterator ci, ci_next;
 
+  // We can't handle a framebuffer larger than this, so don't let a
+  // client set one (see PixelBuffer.cxx)
+  if ((fb_width > 16384) || (fb_height > 16384))
+    return resultProhibited;
+
   // Don't bother the desktop with an invalid configuration
   if (!layout.validate(fb_width, fb_height))
     return resultInvalid;
-- 
2.39.5