From 2bc0157b01bfb0ec16be08e847e7ffbf1e87ef63 Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Sat, 25 Apr 2020 08:26:37 +0200
Subject: [PATCH 1/3] Unified INLINE definition

---
 include/freerdp/api.h | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/include/freerdp/api.h b/include/freerdp/api.h
index c6cecf875..65cf98c6e 100644
--- a/include/freerdp/api.h
+++ b/include/freerdp/api.h
@@ -20,6 +20,7 @@
 #ifndef FREERDP_API_H
 #define FREERDP_API_H
 
+#include <winpr/winpr.h>
 #include <winpr/platform.h>
 
 #ifdef _WIN32
@@ -28,12 +29,6 @@
 #define FREERDP_CC
 #endif
 
-#ifdef _WIN32
-#define INLINE __inline
-#else
-#define INLINE inline
-#endif
-
 #ifdef _WIN32
 #define __func__ __FUNCTION__
 #endif

From 7b0836a74fda1a74b2d70c2ee36084f139168830 Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Sat, 25 Apr 2020 08:33:45 +0200
Subject: [PATCH 2/3] Fixed index out of bound access in update_glyph_offset

---
 libfreerdp/cache/glyph.c | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/libfreerdp/cache/glyph.c b/libfreerdp/cache/glyph.c
index 1c17f7eb6..9f5e4a301 100644
--- a/libfreerdp/cache/glyph.c
+++ b/libfreerdp/cache/glyph.c
@@ -42,7 +42,7 @@ static const void* glyph_cache_fragment_get(rdpGlyphCache* glyph, UINT32 index,
 static BOOL glyph_cache_fragment_put(rdpGlyphCache* glyph, UINT32 index, UINT32 count,
                                      const void* entry);
 
-static UINT32 update_glyph_offset(const BYTE* data, UINT32 index, INT32* x, INT32* y,
+static UINT32 update_glyph_offset(const BYTE* data, size_t length, UINT32 index, INT32* x, INT32* y,
                                   UINT32 ulCharInc, UINT32 flAccel)
 {
 	if ((ulCharInc == 0) && (!(flAccel & SO_CHAR_INC_EQUAL_BM_BASE)))
@@ -51,8 +51,15 @@ static UINT32 update_glyph_offset(const BYTE* data, UINT32 index, INT32* x, INT3
 
 		if (offset & 0x80)
 		{
-			offset = data[index++];
-			offset |= ((UINT32)data[index++]) << 8;
+
+			if (index + 1 < length)
+			{
+				offset = data[index++];
+				offset |= ((UINT32)data[index++]) << 8;
+			}
+			else
+				WLog_WARN(TAG, "[%s] glyph index out of bound %" PRIu32 " [max %" PRIuz "]", index,
+				          length);
 		}
 
 		if (flAccel & SO_VERTICAL)
@@ -234,7 +241,7 @@ static BOOL update_process_glyph_fragments(rdpContext* context, const BYTE* data
 		switch (op)
 		{
 			case GLYPH_FRAGMENT_USE:
-				if (index + 1 > length)
+				if (index + 1 >= length)
 					return FALSE;
 
 				id = data[index++];
@@ -246,7 +253,7 @@ static BOOL update_process_glyph_fragments(rdpContext* context, const BYTE* data
 				for (n = 0; n < size;)
 				{
 					const UINT32 fop = fragments[n++];
-					n = update_glyph_offset(fragments, n, &x, &y, ulCharInc, flAccel);
+					n = update_glyph_offset(fragments, size, n, &x, &y, ulCharInc, flAccel);
 
 					if (!update_process_glyph(context, fragments, fop, &x, &y, cacheId, flAccel,
 					                          fOpRedundant, &bound))
@@ -265,7 +272,7 @@ static BOOL update_process_glyph_fragments(rdpContext* context, const BYTE* data
 				break;
 
 			default:
-				index = update_glyph_offset(data, index, &x, &y, ulCharInc, flAccel);
+				index = update_glyph_offset(data, length, index, &x, &y, ulCharInc, flAccel);
 
 				if (!update_process_glyph(context, data, op, &x, &y, cacheId, flAccel, fOpRedundant,
 				                          &bound))
@@ -378,7 +385,7 @@ static BOOL update_gdi_fast_index(rdpContext* context, const FAST_INDEX_ORDER* f
 static BOOL update_gdi_fast_glyph(rdpContext* context, const FAST_GLYPH_ORDER* fastGlyph)
 {
 	INT32 x, y;
-	BYTE text_data[2];
+	BYTE text_data[4] = { 0 };
 	INT32 opLeft, opTop;
 	INT32 opRight, opBottom;
 	INT32 opWidth = 0, opHeight = 0;
@@ -464,9 +471,9 @@ static BOOL update_gdi_fast_glyph(rdpContext* context, const FAST_GLYPH_ORDER* f
 		opHeight = opBottom - opTop + 1;
 
 	return update_process_glyph_fragments(
-	    context, text_data, 1, fastGlyph->cacheId, fastGlyph->ulCharInc, fastGlyph->flAccel,
-	    fastGlyph->backColor, fastGlyph->foreColor, x, y, fastGlyph->bkLeft, fastGlyph->bkTop,
-	    bkWidth, bkHeight, opLeft, opTop, opWidth, opHeight, FALSE);
+	    context, text_data, sizeof(text_data), fastGlyph->cacheId, fastGlyph->ulCharInc,
+	    fastGlyph->flAccel, fastGlyph->backColor, fastGlyph->foreColor, x, y, fastGlyph->bkLeft,
+	    fastGlyph->bkTop, bkWidth, bkHeight, opLeft, opTop, opWidth, opHeight, FALSE);
 }
 
 static BOOL update_gdi_cache_glyph(rdpContext* context, const CACHE_GLYPH_ORDER* cacheGlyph)

From 9d014fe1ea85109ee3a1c5c8622971ffa9c48b21 Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Sat, 25 Apr 2020 08:34:08 +0200
Subject: [PATCH 3/3] Fixed compiler warnings for usb channel

---
 channels/urbdrc/client/urbdrc_main.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/channels/urbdrc/client/urbdrc_main.c b/channels/urbdrc/client/urbdrc_main.c
index cf5673473..73704011d 100644
--- a/channels/urbdrc/client/urbdrc_main.c
+++ b/channels/urbdrc/client/urbdrc_main.c
@@ -265,7 +265,8 @@ static UINT urdbrc_send_usb_device_add(URBDRC_CHANNEL_CALLBACK* callback, IUDEVI
 		const UINT16 bcdDevice = (UINT16)pdev->query_device_descriptor(pdev, BCD_DEVICE);
 		sprintf_s(HardwareIds[1], DEVICE_HARDWARE_ID_SIZE,
 		          "USB\\VID_%04" PRIX16 "&PID_%04" PRIX16 "", idVendor, idProduct);
-		sprintf_s(HardwareIds[0], DEVICE_HARDWARE_ID_SIZE, "%s&REV_%04" PRIX16 "", HardwareIds[1],
+		sprintf_s(HardwareIds[0], DEVICE_HARDWARE_ID_SIZE,
+		          "USB\\VID_%04" PRIX16 "&PID_%04" PRIX16 "&REV_%04" PRIX16 "", idVendor, idProduct,
 		          bcdDevice);
 	}
 	{
@@ -277,18 +278,20 @@ static UINT urdbrc_send_usb_device_add(URBDRC_CHANNEL_CALLBACK* callback, IUDEVI
 		{
 			sprintf_s(CompatibilityIds[2], DEVICE_COMPATIBILITY_ID_SIZE, "USB\\Class_%02" PRIX8 "",
 			          bDeviceClass);
-			sprintf_s(CompatibilityIds[1], DEVICE_COMPATIBILITY_ID_SIZE, "%s&SubClass_%02" PRIX8 "",
-			          CompatibilityIds[2], bDeviceSubClass);
-			sprintf_s(CompatibilityIds[0], DEVICE_COMPATIBILITY_ID_SIZE, "%s&Prot_%02" PRIX8 "",
-			          CompatibilityIds[1], bDeviceProtocol);
+			sprintf_s(CompatibilityIds[1], DEVICE_COMPATIBILITY_ID_SIZE,
+			          "USB\\Class_%02" PRIX8 "&SubClass_%02" PRIX8 "", bDeviceClass,
+			          bDeviceSubClass);
+			sprintf_s(CompatibilityIds[0], DEVICE_COMPATIBILITY_ID_SIZE,
+			          "USB\\Class_%02" PRIX8 "&SubClass_%02" PRIX8 "&Prot_%02" PRIX8 "",
+			          bDeviceClass, bDeviceSubClass, bDeviceProtocol);
 		}
 		else
 		{
 			sprintf_s(CompatibilityIds[2], DEVICE_COMPATIBILITY_ID_SIZE, "USB\\DevClass_00");
-			sprintf_s(CompatibilityIds[1], DEVICE_COMPATIBILITY_ID_SIZE, "%s&SubClass_00",
-			          CompatibilityIds[2]);
-			sprintf_s(CompatibilityIds[0], DEVICE_COMPATIBILITY_ID_SIZE, "%s&Prot_00",
-			          CompatibilityIds[1]);
+			sprintf_s(CompatibilityIds[1], DEVICE_COMPATIBILITY_ID_SIZE,
+			          "USB\\DevClass_00&SubClass_00");
+			sprintf_s(CompatibilityIds[0], DEVICE_COMPATIBILITY_ID_SIZE,
+			          "USB\\DevClass_00&SubClass_00&Prot_00");
 		}
 	}
 	func_instance_id_generate(pdev, strInstanceId, DEVICE_INSTANCE_STR_SIZE);