Fixed multiple sanitizer errors in codecs
authorakallabeth <akallabeth@posteo.net>
Mon, 18 May 2020 15:40:28 +0000 (17:40 +0200)
committerakallabeth <akallabeth@posteo.net>
Wed, 20 May 2020 13:41:24 +0000 (15:41 +0200)
(cherry picked from commit 2278d92a5d902692a7d1088629b2345c9b4e229c)

libfreerdp/codec/clear.c
libfreerdp/codec/nsc.c
libfreerdp/codec/progressive.c

index 118e09b..083f1aa 100644 (file)
@@ -783,7 +783,7 @@ static BOOL clear_decompress_bands_data(CLEAR_CONTEXT* clear, wStream* s, UINT32
                        if (vBarUpdate)
                        {
                                UINT32 x;
-                               BYTE* pSrcPixel;
+                               BYTE* pSrcPixel = NULL;
                                BYTE* dstBuffer;
 
                                if (clear->VBarStorageCursor >= CLEARCODEC_VBAR_SIZE)
@@ -826,8 +826,9 @@ static BOOL clear_decompress_bands_data(CLEAR_CONTEXT* clear, wStream* s, UINT32
                                if ((y + count) > vBarPixelCount)
                                        count = (vBarPixelCount > y) ? (vBarPixelCount - y) : 0;
 
-                               pSrcPixel =
-                                   &vBarShortEntry->pixels[(y - vBarYOn) * GetBytesPerPixel(clear->format)];
+                               if (count > 0)
+                                       pSrcPixel =
+                                           &vBarShortEntry->pixels[(y - vBarYOn) * GetBytesPerPixel(clear->format)];
 
                                for (x = 0; x < count; x++)
                                {
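Review bot: The new `if (count > 0)` guard has a two-line body without braces, and `pSrcPixel` is now NULL whenever `count` is zero, so its safety depends on the `for (x = 0; x < count; x++)` loop being the only place it is dereferenced. I would brace the assignment and add a comment such as `/* pSrcPixel stays NULL when count == 0; only dereference it inside the x < count loop */`. The hunk also does not show how `(y - vBarYOn)` is kept from wrapping or from exceeding the pixel count stored in `vBarShortEntry`, so that is worth confirming in the surrounding code. The loop body and the rest of clear_decompress_bands_data lie outside the hunk.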
index 6c07552..6627e0b 100644 (file)
@@ -113,14 +113,12 @@ static BOOL nsc_decode(NSC_CONTEXT* context)
 
 static BOOL nsc_rle_decode(BYTE* in, BYTE* out, UINT32 outSize, UINT32 originalSize)
 {
-       UINT32 len;
-       UINT32 left;
-       BYTE value;
-       left = originalSize;
+       UINT32 left = originalSize;
 
        while (left > 4)
        {
-               value = *in++;
+               const BYTE value = *in++;
+               UINT32 len = 0;
 
                if (left == 5)
                {
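Review bot: `nsc_rle_decode` still does not know how many input bytes are available. The signature carries `outSize` and `originalSize` but no length for `in`, so `const BYTE value = *in++;` here and the four `*in++` reads in the next hunk are bounded only by `left`. If `originalSize` is taken from the wire rather than from the real buffer length (not visible here), a short or malformed plane is read past its end. Consider passing the remaining input length and testing it before each read, e.g. `if (inSize < 1) return FALSE;` ahead of this line. `in` could also be declared `const BYTE*`, as the visible lines never write through it; the function body continues outside the hunk.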
@@ -143,8 +141,10 @@ static BOOL nsc_rle_decode(BYTE* in, BYTE* out, UINT32 outSize, UINT32 originalS
                        else
                        {
                                in++;
-                               len = *((UINT32*)in);
-                               in += 4;
+                               len = ((UINT32)(*in++));
+                               len |= ((UINT32)(*in++)) << 8U;
+                               len |= ((UINT32)(*in++)) << 16U;
+                               len |= ((UINT32)(*in++)) << 24U;
                        }
 
                        if (outSize < len)
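Review bot: The run length assembled from the four bytes is compared with `outSize` on the last visible line, but nothing in the hunk compares it with `left`. If the code after the hunk subtracts `len` from `left` (not shown), a `len` larger than `left` would wrap the UINT32 and keep the `while (left > 4)` loop consuming input. A check such as `if (len > left) return FALSE;` next to the `outSize` test would close that. A short comment, `/* 32-bit little-endian run length, read byte-wise because in may be unaligned */`, would also record why the pointer cast was replaced.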
index bfa2dc5..04cd346 100644 (file)
@@ -1183,7 +1183,7 @@ static INLINE int progressive_rfx_upgrade_block(RFX_PROGRESSIVE_UPGRADE_STATE* s
                        sign[index] = input;
                }
 
-               buffer[index] += (input << shift);
+               buffer[index] += (INT16)((UINT32)input << shift);
        }
 
        return 1;
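Review bot: Casting `input` to `UINT32` removes the left shift of a negative value, but the shift count is not checked in the visible lines, and a `shift` of 32 or more is still undefined for the unsigned operand. The `(INT16)` conversion of a result that does not fit is implementation-defined and truncates silently. So does storing the sum back into `buffer[index]`, assuming that is an INT16 array, which the hunk does not show. If the callers do not already bound `shift`, reject out-of-range values before the loop with whatever failure value the callers expect, or at least state the range in a comment such as `/* shift is expected to be < 16 here; confirm against the caller */`. The function starts outside the hunk.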