| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
| |
Width and height of a cursor are received as U16 from network. Accepting full range of U16 values can cause integer overflows in multiple places.
The worst is probably VLA in CMsgReader::readSetXCursor:
rdr::U8 buf[width*height*4];
The width*height*4 can be too big to fit on stack or it can overflow into negative numbers. Both cases are undefined behaviour. Following writes to buf can overwrite other data on stack.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The connection object is a much more appropriate object for the
decoders and encoders to keep track of. Besides the streams, it also
contains state like connection parameters.
|
| |
|
|
|
| |
This keeps the reader and writer objects clean and simple protocol
decoders/encoders.
|
| |
|
|
| |
Avoids having to special case things. Keeps the code simpler.
|
| |
|
|
| |
We have no need for this abstraction so let's keep things simple.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
encoding in the RFB protocol has always been signed, and signed values
are also used in the specification (ie DesktopName = -307 etc). In the
code, however, unsigned types were used in a number of places, but not
all, which causes warnings. This patch fixes the problem by switching
to signed values everywhere.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@3968 3789f03b-4d11-0410-bbf8-ca57d06f2519
|
| |
|
|
|
|
|
| |
of old and new features.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@3696 3789f03b-4d11-0410-bbf8-ca57d06f2519
|
| |
|
|
|
|
|
|
|
|
| |
updating the desktop name on the fly.
Tested in ThinLinc since 2008-01-07.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@3549 3789f03b-4d11-0410-bbf8-ca57d06f2519
|
|
|
More changes will follow.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@589 3789f03b-4d11-0410-bbf8-ca57d06f2519
|
