From 502821828ed00b4a2c4bef90683d0fd88ce495de Mon Sep 17 00:00:00 2001
From: Christian Beier <dontmind@freeshell.org>
Date: Sun, 21 Oct 2018 20:21:30 +0200
Subject: [PATCH] LibVNCServer: fix heap out-of-bound write access

Closes #243
---
 libvncserver/rfbserver.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
index ed1365a..6ca511f 100644
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
@@ -1465,7 +1465,7 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length)
     rfbLog("rfbProcessFileTransferReadBuffer(%dlen)\n", length);
     */
     if (length>0) {
-        buffer=malloc(length+1);
+        buffer=malloc((uint64_t)length+1);
         if (buffer!=NULL) {
             if ((n = rfbReadExact(cl, (char *)buffer, length)) <= 0) {
                 if (n != 0)