diff options
Diffstat (limited to 'libvncclient/rfbproto.c')
| -rw-r--r-- | libvncclient/rfbproto.c | 63 |
1 files changed, 40 insertions, 23 deletions
diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c index 8ac0028..1f4b646 100644 --- a/libvncclient/rfbproto.c +++ b/libvncclient/rfbproto.c @@ -147,9 +147,22 @@ void* rfbClientGetClientData(rfbClient* client, void* tag) /* messages */ +static rfbBool CheckRect(rfbClient* client, int x, int y, int w, int h) { + return x + w <= client->width && y + h <= client->height; +} + static void FillRectangle(rfbClient* client, int x, int y, int w, int h, uint32_t colour) { int i,j; + if (client->frameBuffer == NULL) { + return; + } + + if (!CheckRect(client, x, y, w, h)) { + rfbClientLog("Rect out of bounds: %dx%d at (%d, %d)\n", x, y, w, h); + return; + } + #define FILL_RECT(BPP) \ for(j=y*client->width;j<(y+h)*client->width;j+=client->width) \ for(i=x;i<x+w;i++) \ @@ -171,6 +184,11 @@ static void CopyRectangle(rfbClient* client, uint8_t* buffer, int x, int y, int return; } + if (!CheckRect(client, x, y, w, h)) { + rfbClientLog("Rect out of bounds: %dx%d at (%d, %d)\n", x, y, w, h); + return; + } + #define COPY_RECT(BPP) \ { \ int rs = w * BPP / 8, rs2 = client->width * BPP / 8; \ @@ -193,6 +211,20 @@ static void CopyRectangle(rfbClient* client, uint8_t* buffer, int x, int y, int static void CopyRectangleFromRectangle(rfbClient* client, int src_x, int src_y, int w, int h, int dest_x, int dest_y) { int i,j; + if (client->frameBuffer == NULL) { + return; + } + + if (!CheckRect(client, src_x, src_y, w, h)) { + rfbClientLog("Source rect out of bounds: %dx%d at (%d, %d)\n", src_x, src_y, w, h); + return; + } + + if (!CheckRect(client, dest_x, dest_y, w, h)) { + rfbClientLog("Dest rect out of bounds: %dx%d at (%d, %d)\n", dest_x, dest_y, w, h); + return; + } + #define COPY_RECT_FROM_RECT(BPP) \ { \ uint##BPP##_t* _buffer=((uint##BPP##_t*)client->frameBuffer)+(src_y-dest_y)*client->width+src_x-dest_x; \ @@ -273,9 +305,6 @@ static rfbBool HandleZRLE24Up(rfbClient* client, int rx, int ry, int rw, int rh) static rfbBool HandleZRLE24Down(rfbClient* client, int rx, int ry, int rw, int rh); static rfbBool HandleZRLE32(rfbClient* client, int rx, int ry, int rw, int rh); #endif -#ifdef LIBVNCSERVER_CONFIG_LIBVA -static rfbBool HandleH264 (rfbClient* client, int rx, int ry, int rw, int rh); -#endif /* * Server Capability Functions @@ -1411,10 +1440,6 @@ SetFormatAndEncodings(rfbClient* client) encs[se->nEncodings++] = rfbClientSwap32IfLE(rfbEncodingCoRRE); } else if (strncasecmp(encStr,"rre",encStrLen) == 0) { encs[se->nEncodings++] = rfbClientSwap32IfLE(rfbEncodingRRE); -#ifdef LIBVNCSERVER_CONFIG_LIBVA - } else if (strncasecmp(encStr,"h264",encStrLen) == 0) { - encs[se->nEncodings++] = rfbClientSwap32IfLE(rfbEncodingH264); -#endif } else { rfbClientLog("Unknown encoding '%.*s'\n",encStrLen,encStr); } @@ -1483,10 +1508,6 @@ SetFormatAndEncodings(rfbClient* client) encs[se->nEncodings++] = rfbClientSwap32IfLE(client->appData.qualityLevel + rfbEncodingQualityLevel0); } -#ifdef LIBVNCSERVER_CONFIG_LIBVA - encs[se->nEncodings++] = rfbClientSwap32IfLE(rfbEncodingH264); - rfbClientLog("h264 encoding added\n"); -#endif } @@ -1530,7 +1551,8 @@ SetFormatAndEncodings(rfbClient* client) if(e->encodings) { int* enc; for(enc = e->encodings; *enc; enc++) - encs[se->nEncodings++] = rfbClientSwap32IfLE(*enc); + if(se->nEncodings < MAX_ENCODINGS) + encs[se->nEncodings++] = rfbClientSwap32IfLE(*enc); } len = sz_rfbSetEncodingsMsg + se->nEncodings * 4; @@ -1981,7 +2003,10 @@ HandleRFBServerMessage(rfbClient* client) int y=rect.r.y, h=rect.r.h; bytesPerLine = rect.r.w * client->format.bitsPerPixel / 8; - linesToRead = RFB_BUFFER_SIZE / bytesPerLine; + /* RealVNC 4.x-5.x on OSX can induce bytesPerLine==0, + usually during GPU accel. */ + /* Regardless of cause, do not divide by zero. */ + linesToRead = bytesPerLine ? (RFB_BUFFER_SIZE / bytesPerLine) : 0; while (h > 0) { if (linesToRead > h) @@ -1997,7 +2022,8 @@ HandleRFBServerMessage(rfbClient* client) y += linesToRead; } - } break; + break; + } case rfbEncodingCopyRect: { @@ -2204,14 +2230,6 @@ HandleRFBServerMessage(rfbClient* client) } #endif -#ifdef LIBVNCSERVER_CONFIG_LIBVA - case rfbEncodingH264: - { - if (!HandleH264(client, rect.r.x, rect.r.y, rect.r.w, rect.r.h)) - return FALSE; - break; - } -#endif default: { @@ -2448,7 +2466,6 @@ HandleRFBServerMessage(rfbClient* client) #define UNCOMP -8 #include "zrle.c" #undef BPP -#include "h264.c" /* |