[client] main: fix buffer overflow due to cursor data size change
parent
7075fe2c54
commit
a21eee26ab
1 changed files with 8 additions and 0 deletions
|
@ -305,6 +305,7 @@ int main_cursorThread(void * unused)
|
|||
LGMP_STATUS status;
|
||||
LG_RendererCursor cursorType = LG_CURSOR_COLOR;
|
||||
KVMFRCursor * cursor = NULL;
|
||||
int cursorSize = 0;
|
||||
|
||||
lgWaitEvent(e_startup, TIMEOUT_INFINITE);
|
||||
|
||||
|
@ -377,6 +378,12 @@ int main_cursorThread(void * unused)
|
|||
break;
|
||||
}
|
||||
|
||||
if (cursor && msg.size > cursorSize)
|
||||
{
|
||||
free(cursor);
|
||||
cursor = NULL;
|
||||
}
|
||||
|
||||
/* copy and release the message ASAP */
|
||||
if (!cursor)
|
||||
{
|
||||
|
@ -387,6 +394,7 @@ int main_cursorThread(void * unused)
|
|||
g_state.state = APP_STATE_SHUTDOWN;
|
||||
break;
|
||||
}
|
||||
cursorSize = msg.size;
|
||||
}
|
||||
|
||||
memcpy(cursor, msg.mem, msg.size);
|
||||
|
|
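Review bot: `cursorSize` is declared `int` in the first hunk but is compared with and assigned from `msg.size` in the second and third; if `msg.size` is an unsigned size type (its declaration is not visible here), the comparison `msg.size > cursorSize` is mixed-sign and the assignment `cursorSize = msg.size;` can truncate, which would weaken the bound this commit places in front of the `memcpy`. Declaring it as `size_t cursorSize = 0;` keeps the recorded capacity in the same type as the length being copied. Because the message size is supplied by the shared-memory peer, it may also be worth rejecting a `msg.size` smaller than `sizeof(KVMFRCursor)` before the copy, so that header fields are never left over from a previous, larger cursor; whether a later check already covers this cannot be seen from these hunks. The allocation between the second and third hunks and the rest of `main_cursorThread` lie outside the visible lines.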