[Bugfix] Use rdr::U32 type for length of strings handled by *CutText functions.

This avoids big buffer overflow when memcpy is called with "-1" argument. git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@3607 3789f03b-4d11-0410-bbf8-ca57d06f2519
author: Adam Tkac <atkac@redhat.com> 2009-02-13 12:42:05 +0000
committer: Adam Tkac <atkac@redhat.com> 2009-02-13 12:42:05 +0000
commit: acf6c6b9accec6de7076e3e4931265126ef510e8 (patch)
tree: 361e711dd8bd17969fd2102026eae4940ba350c2 /common/rfb/CMsgReader.cxx
parent: 48df274707abbe41848428f9d1e7670db0d065ca (diff)
download: tigervnc-acf6c6b9accec6de7076e3e4931265126ef510e8.tar.gz
tigervnc-acf6c6b9accec6de7076e3e4931265126ef510e8.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/common/rfb/CMsgReader.cxx b/common/rfb/CMsgReader.cxx
index 0e3d9679..488f549c 100644
--- a/common/rfb/CMsgReader.cxx
+++ b/common/rfb/CMsgReader.cxx
@@ -60,7 +60,7 @@ void CMsgReader::readBell()
 void CMsgReader::readServerCutText()
 {
   is->skip(3);
-  int len = is->readU32();
+  rdr::U32 len = is->readU32();
   if (len > 256*1024) {
     is->skip(len);
     fprintf(stderr,"cut text too long (%d bytes) - ignoring\n",len);
author	Adam Tkac <atkac@redhat.com>	2009-02-13 12:42:05 +0000
committer	Adam Tkac <atkac@redhat.com>	2009-02-13 12:42:05 +0000
commit	acf6c6b9accec6de7076e3e4931265126ef510e8 (patch)
tree	361e711dd8bd17969fd2102026eae4940ba350c2 /common/rfb/CMsgReader.cxx
parent	48df274707abbe41848428f9d1e7670db0d065ca (diff)
download	tigervnc-acf6c6b9accec6de7076e3e4931265126ef510e8.tar.gz tigervnc-acf6c6b9accec6de7076e3e4931265126ef510e8.zip