vmncdec: Sanity-check rectangle sizes a bit more thorough

author Sebastian Dröge <sebastian@centricular.com>

Tue, 6 Dec 2016 05:58:25 +0000 (07:58 +0200)

committer Sebastian Dröge <sebastian@centricular.com>

Wed, 7 Dec 2016 09:20:49 +0000 (11:20 +0200)
author Sebastian Dröge <sebastian@centricular.com>
Tue, 6 Dec 2016 05:58:25 +0000 (07:58 +0200)
committer Sebastian Dröge <sebastian@centricular.com>
Wed, 7 Dec 2016 09:20:49 +0000 (11:20 +0200)
diff --git a/gst/vmnc/vmncdec.c b/gst/vmnc/vmncdec.c

index b3c97788373ed5516912b93771855311aeaf91b7..cbbaeb6b448c3bd9ec4ba93349d6d0b6ce602d01 100644 (file)
--- a/gst/vmnc/vmncdec.c
+++ b/gst/vmnc/vmncdec.c
@@ -785,7 +785,8 @@ vmnc_handle_packet (GstVMncDec * dec, const guint8 * data, int len,
                  r.type);
              return ERROR_INVALID;
            }
-          if (r.x + r.width > dec->format.width ||
+          if (r.x > dec->format.width || r.y > dec->format.height ||
+              r.x + r.width > dec->format.width ||
                r.y + r.height > dec->format.height) {
              GST_WARNING_OBJECT (dec, "Rectangle out of range, type %d", r.type);
              return ERROR_INVALID;
author	Sebastian Dröge <sebastian@centricular.com>
	Tue, 6 Dec 2016 05:58:25 +0000 (07:58 +0200)
committer	Sebastian Dröge <sebastian@centricular.com>
	Wed, 7 Dec 2016 09:20:49 +0000 (11:20 +0200)