[core,orders] improve input validation

check length before subtracting. Might underflow and be cought by the next check, but lets be strict.
2026-04-14 00:14:11 +09:00 · 2026-03-03 13:58:09 +01:00
parent 125b1ce99e
commit a9e0abf2ea
1 changed files with 2 additions and 0 deletions
--- a/libfreerdp/core/orders.c
+++ b/libfreerdp/core/orders.c
@@ -2354,6 +2354,8 @@ static CACHE_BITMAP_ORDER* update_read_cache_bitmap_order(rdpUpdate* update, wSt
 				goto fail;

 			Stream_Read(s, bitmapComprHdr, 8); /* bitmapComprHdr (8 bytes) */
+			if (cache_bitmap->bitmapLength < 8)
+				goto fail;
 			cache_bitmap->bitmapLength -= 8;
 		}
 	}