From 4b859cae706af8e59671f8105be17a4436d7ba34 Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Thu, 23 Feb 2023 07:19:09 +0100 Subject: [PATCH] Don't parse empty fence messages We need to return here or we'll do an out-of-bounds access on the data array. (cherry picked from commit 7af69eb4a7a52d6baf4d09f79ccbec76bd1fcee1) --- common/rfb/VNCSConnectionST.cxx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/common/rfb/VNCSConnectionST.cxx b/common/rfb/VNCSConnectionST.cxx index 306bba1dc4..7587449525 100644 --- a/common/rfb/VNCSConnectionST.cxx +++ b/common/rfb/VNCSConnectionST.cxx @@ -706,8 +706,10 @@ void VNCSConnectionST::fence(uint32_t flags, unsigned len, const uint8_t data[]) return; } - if (len < 1) + if (len < 1) { vlog.error("Fence response of unexpected size received"); + return; + } type = data[0];