From a9daba01902e567f2990f79a0798d2c2cdf07b39 Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Tue, 7 Apr 2020 08:28:11 +0200
Subject: [PATCH] Check for int overflow in gdi_InvalidateRegion

---
 libfreerdp/gdi/region.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libfreerdp/gdi/region.c b/libfreerdp/gdi/region.c
index 637897867..120d2b786 100644
--- a/libfreerdp/gdi/region.c
+++ b/libfreerdp/gdi/region.c
@@ -616,9 +616,12 @@ INLINE BOOL gdi_InvalidateRegion(HGDI_DC hdc, INT32 x, INT32 y, INT32 w, INT32 h
 
 	if ((hdc->hwnd->ninvalid + 1) > (INT64)hdc->hwnd->count)
 	{
-		int new_cnt;
+		size_t new_cnt;
 		HGDI_RGN new_rgn;
 		new_cnt = hdc->hwnd->count * 2;
+		if (new_cnt > UINT32_MAX)
+			return FALSE;
+
 		new_rgn = (HGDI_RGN)realloc(cinvalid, sizeof(GDI_RGN) * new_cnt);
 
 		if (!new_rgn)