From bbcba568f495e11313c51d3b93ee1de2509bce71 Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Tue, 16 Oct 2018 17:23:24 +0200
Subject: [PATCH] Added parameter checks.

---
 libfreerdp/codec/include/bitmap.c | 10 +++++++++-
 libfreerdp/codec/interleaved.c    | 20 +++++++++++++-------
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/libfreerdp/codec/include/bitmap.c b/libfreerdp/codec/include/bitmap.c
index d9a50b1..a594a1b 100644
--- a/libfreerdp/codec/include/bitmap.c
+++ b/libfreerdp/codec/include/bitmap.c
@@ -292,7 +292,7 @@ static INLINE BYTE* WRITEFIRSTLINEFGBGIMAGE(BYTE* pbDest, BYTE bitmask,
 /**
  * Decompress an RLE compressed bitmap.
  */
-static INLINE void RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer,
+static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer,
                                  BYTE* pbDestBuffer,
                                  UINT32 rowDelta, UINT32 width, UINT32 height)
 {
@@ -310,6 +310,9 @@ static INLINE void RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer,
 	UINT32 advance;
 	RLEEXTRA
 
+	if (!pbSrcBuffer || !pbDestBuffer)
+		return FALSE;
+
 	while (pbSrc < pbEnd)
 	{
 		/* Watch out for the end of the first scanline. */
@@ -628,6 +631,11 @@ static INLINE void RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer,
 				DESTWRITEPIXEL(pbDest, BLACK_PIXEL);
 				DESTNEXTPIXEL(pbDest);
 				break;
+
+			default:
+				return FALSE;
 		}
 	}
+
+	return TRUE;
 }
diff --git a/libfreerdp/codec/interleaved.c b/libfreerdp/codec/interleaved.c
index 943ca00..44bdde7 100644
--- a/libfreerdp/codec/interleaved.c
+++ b/libfreerdp/codec/interleaved.c
@@ -276,7 +276,7 @@ BOOL interleaved_decompress(BITMAP_INTERLEAVED_CONTEXT* interleaved,
 	UINT32 SrcFormat;
 	UINT32 BufferSize;
 
-	if (!interleaved)
+	if (!interleaved || !pSrcData || !pDstData)
 		return FALSE;
 
 	switch (bpp)
@@ -322,19 +322,25 @@ BOOL interleaved_decompress(BITMAP_INTERLEAVED_CONTEXT* interleaved,
 	switch (bpp)
 	{
 		case 24:
-			RleDecompress24to24(pSrcData, SrcSize, interleaved->TempBuffer,
-			                    scanline, nSrcWidth, nSrcHeight);
+			if (!RleDecompress24to24(pSrcData, SrcSize, interleaved->TempBuffer,
+			                         scanline, nSrcWidth, nSrcHeight))
+				return FALSE;
+
 			break;
 
 		case 16:
 		case 15:
-			RleDecompress16to16(pSrcData, SrcSize, interleaved->TempBuffer,
-			                    scanline, nSrcWidth, nSrcHeight);
+			if (!RleDecompress16to16(pSrcData, SrcSize, interleaved->TempBuffer,
+			                         scanline, nSrcWidth, nSrcHeight))
+				return FALSE;
+
 			break;
 
 		case 8:
-			RleDecompress8to8(pSrcData, SrcSize, interleaved->TempBuffer,
-			                  scanline, nSrcWidth, nSrcHeight);
+			if (!RleDecompress8to8(pSrcData, SrcSize, interleaved->TempBuffer,
+			                       scanline, nSrcWidth, nSrcHeight))
+				return FALSE;
+
 			break;
 
 		default:
-- 
2.7.4