diff options
| author | dscho <dscho> | 2004-05-05 19:42:27 +0000 |
|---|---|---|
| committer | dscho <dscho> | 2004-05-05 19:42:27 +0000 |
| commit | f5cfa4bc8d73f16e963f4a2aa99f63614f7da758 (patch) | |
| tree | 1feb70ded7d43c476d077d75fc1b9171797e93f6 /rfbserver.c | |
| parent | 1c7ca906f7971bc45a90f425d5d8754ddd5eb1d7 (diff) | |
| download | libtdevnc-f5cfa4bc8d73f16e963f4a2aa99f63614f7da758.tar.gz libtdevnc-f5cfa4bc8d73f16e963f4a2aa99f63614f7da758.zip | |
prevent segmentation fault when requested area is too big; if select is interrupted while WriteExact, just try again.
Diffstat (limited to 'rfbserver.c')
| -rw-r--r-- | rfbserver.c | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/rfbserver.c b/rfbserver.c index 7a40a7b..e22283e 100644 --- a/rfbserver.c +++ b/rfbserver.c @@ -655,6 +655,25 @@ rfbProcessClientInitMessage(cl) } } +static rfbBool rectSwapIfLEAndClip(uint16_t* x,uint16_t* y,uint16_t* w,uint16_t* h, + rfbScreenInfoPtr screen) +{ + *x=Swap16IfLE(*x); + *y=Swap16IfLE(*y); + *w=Swap16IfLE(*w); + *h=Swap16IfLE(*h); + if(*w>screen->width-*x) + *w=screen->width-*x; + /* possible underflow */ + if(*w>screen->width-*x) + return FALSE; + if(*h>screen->height-*y) + *h=screen->height-*y; + if(*h>screen->height-*y) + return FALSE; + + return TRUE; +} /* * rfbProcessClientNormalMessage is called when the client has sent a normal @@ -904,11 +923,15 @@ rfbProcessClientNormalMessage(cl) return; } + if(!rectSwapIfLEAndClip(&msg.fur.x,&msg.fur.y,&msg.fur.w,&msg.fur.h, + cl->screen)) + return; + tmpRegion = - sraRgnCreateRect(Swap16IfLE(msg.fur.x), - Swap16IfLE(msg.fur.y), - Swap16IfLE(msg.fur.x)+Swap16IfLE(msg.fur.w), - Swap16IfLE(msg.fur.y)+Swap16IfLE(msg.fur.h)); + sraRgnCreateRect(msg.fur.x, + msg.fur.y, + msg.fur.x+msg.fur.w, + msg.fur.y+msg.fur.h); LOCK(cl->updateMutex); sraRgnOr(cl->requestedRegion,tmpRegion); |