From d1da09f7e12272dad3d89fa259704f5c7d297c91 Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Mon, 25 May 2020 09:42:02 +0200
Subject: [PATCH] Fixed Out-of-bound read in glyph_cache_put

CVE-2020-11098 thanks to @antonio-morales for finding this.

(cherry picked from commit c0fd449ec0870b050d350d6d844b1ea6dad4bc7d)
---
 libfreerdp/cache/glyph.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libfreerdp/cache/glyph.c b/libfreerdp/cache/glyph.c
index 9f5e4a3..5c41f91 100644
--- a/libfreerdp/cache/glyph.c
+++ b/libfreerdp/cache/glyph.c
@@ -579,7 +579,7 @@ BOOL glyph_cache_put(rdpGlyphCache* glyphCache, UINT32 id, UINT32 index, rdpGlyp
 		return FALSE;
 	}
 
-	if (index > glyphCache->glyphCache[id].number)
+	if (index >= glyphCache->glyphCache[id].number)
 	{
 		WLog_ERR(TAG, "invalid glyph cache index: %" PRIu32 " in cache id: %" PRIu32 "", index, id);
 		return FALSE;
-- 
2.7.4