Commit f5cfa4bc authored by dscho's avatar dscho

prevent segmentation fault when requested area is too big; if select is...

prevent segmentation fault when requested area is too big; if select is interrupted while WriteExact, just try again.
parent 1c7ca906
...@@ -655,6 +655,25 @@ rfbProcessClientInitMessage(cl) ...@@ -655,6 +655,25 @@ rfbProcessClientInitMessage(cl)
} }
} }
static rfbBool rectSwapIfLEAndClip(uint16_t* x,uint16_t* y,uint16_t* w,uint16_t* h,
rfbScreenInfoPtr screen)
{
*x=Swap16IfLE(*x);
*y=Swap16IfLE(*y);
*w=Swap16IfLE(*w);
*h=Swap16IfLE(*h);
if(*w>screen->width-*x)
*w=screen->width-*x;
/* possible underflow */
if(*w>screen->width-*x)
return FALSE;
if(*h>screen->height-*y)
*h=screen->height-*y;
if(*h>screen->height-*y)
return FALSE;
return TRUE;
}
/* /*
* rfbProcessClientNormalMessage is called when the client has sent a normal * rfbProcessClientNormalMessage is called when the client has sent a normal
...@@ -904,11 +923,15 @@ rfbProcessClientNormalMessage(cl) ...@@ -904,11 +923,15 @@ rfbProcessClientNormalMessage(cl)
return; return;
} }
if(!rectSwapIfLEAndClip(&msg.fur.x,&msg.fur.y,&msg.fur.w,&msg.fur.h,
cl->screen))
return;
tmpRegion = tmpRegion =
sraRgnCreateRect(Swap16IfLE(msg.fur.x), sraRgnCreateRect(msg.fur.x,
Swap16IfLE(msg.fur.y), msg.fur.y,
Swap16IfLE(msg.fur.x)+Swap16IfLE(msg.fur.w), msg.fur.x+msg.fur.w,
Swap16IfLE(msg.fur.y)+Swap16IfLE(msg.fur.h)); msg.fur.y+msg.fur.h);
LOCK(cl->updateMutex); LOCK(cl->updateMutex);
sraRgnOr(cl->requestedRegion,tmpRegion); sraRgnOr(cl->requestedRegion,tmpRegion);
......
...@@ -500,6 +500,8 @@ WriteExact(cl, buf, len) ...@@ -500,6 +500,8 @@ WriteExact(cl, buf, len)
tv.tv_usec = 0; tv.tv_usec = 0;
n = select(sock+1, NULL, &fds, NULL /* &fds */, &tv); n = select(sock+1, NULL, &fds, NULL /* &fds */, &tv);
if (n < 0) { if (n < 0) {
if(errno==EINTR)
continue;
rfbLogPerror("WriteExact: select"); rfbLogPerror("WriteExact: select");
UNLOCK(cl->outputMutex); UNLOCK(cl->outputMutex);
return n; return n;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment