apply CVE patch for security weakness

Change-Id: Ie64713714465e8ea9a0e0cf2c1f3e55e42de6fa9

diff --git a/gst/vmnc/vmncdec.c b/gst/vmnc/vmncdec.c
index 34e63c7..6475112 100644 (file)
--- a/gst/vmnc/vmncdec.c
+++ b/gst/vmnc/vmncdec.c
@@ -258,7 +258,7 @@ vmnc_handle_wmvi_rectangle (GstVMncDec * dec, struct RfbRectangle *rect,
   gst_video_codec_state_unref (state);
 
   g_free (dec->imagedata);
-  dec->imagedata = g_malloc (dec->format.width * dec->format.height *
+  dec->imagedata = g_malloc0 (dec->format.width * dec->format.height *
       dec->format.bytes_per_pixel);
   GST_DEBUG_OBJECT (dec, "Allocated image data at %p", dec->imagedata);
 
@@ -788,6 +788,10 @@ vmnc_handle_packet (GstVMncDec * dec, const guint8 * data, int len,
             GST_WARNING_OBJECT (dec, "Rectangle out of range, type %d", r.type);
             return ERROR_INVALID;
           }
+        } else if (r.width > 16384 || r.height > 16384) {
+          GST_WARNING_OBJECT (dec, "Width or height too high: %ux%u", r.width,
+              r.height);
+          return ERROR_INVALID;
         }
 
         switch (r.type) {