Fix tightvnc-filetransfer 64 bit buffer overflow

Seems there is a buffer overflow in x11vnc's tightvnc-filetransfer code when compiling to 64 bits: a buffer is allocated using sizeof(int) for the size, but then, data is copied into it using sizeof(unsigned long). Detected by GCC build with full warnings. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Fix tightvnc-filetransfer 64 bit buffer overflow
Seems there is a buffer overflow in x11vnc's tightvnc-filetransfer code when compiling to 64 bits: a buffer is allocated using sizeof(int) for the size, but then, data is copied into it using sizeof(unsigned long). Detected by GCC build with full warnings. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
c656b381 · Peter Arrenbrecht · Johannes Schindelin · 6b2b3b82 · c656b381
Commit c656b381 authored Jan 26, 2010 by Peter Arrenbrecht Committed by Johannes Schindelin Jan 26, 2010
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

filetransfermsg.c libvncserver/tightvnc-filetransfer/filetransfermsg.c +1 -1

No files found.
--- a/libvncserver/tightvnc-filetransfer/filetransfermsg.c
+++ b/libvncserver/tightvnc-filetransfer/filetransfermsg.c
@@ -393,7 +393,7 @@ FileTransferMsg
 CreateFileDownloadZeroSizeDataMsg(unsigned long mTime)
 {
 	FileTransferMsg fileDownloadZeroSizeDataMsg;
-	int length = sz_rfbFileDownloadDataMsg + sizeof(int);
+	int length = sz_rfbFileDownloadDataMsg + sizeof(unsigned long);
 	rfbFileDownloadDataMsg *pFDD = NULL;
 	char *pFollow = NULL;