|
|
@ -1224,8 +1224,12 @@ InitialiseRFBConnection(rfbClient* client)
|
|
|
|
client->si.format.blueMax = rfbClientSwap16IfLE(client->si.format.blueMax);
|
|
|
|
client->si.format.blueMax = rfbClientSwap16IfLE(client->si.format.blueMax);
|
|
|
|
client->si.nameLength = rfbClientSwap32IfLE(client->si.nameLength);
|
|
|
|
client->si.nameLength = rfbClientSwap32IfLE(client->si.nameLength);
|
|
|
|
|
|
|
|
|
|
|
|
/* To guard against integer wrap-around, si.nameLength is cast to 64 bit */
|
|
|
|
if (client->si.nameLength > 1<<20) {
|
|
|
|
client->desktopName = malloc((uint64_t)client->si.nameLength + 1);
|
|
|
|
rfbClientErr("Too big desktop name length sent by server: %u B > 1 MB\n", (unsigned int)client->si.nameLength);
|
|
|
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
client->desktopName = malloc(client->si.nameLength + 1);
|
|
|
|
if (!client->desktopName) {
|
|
|
|
if (!client->desktopName) {
|
|
|
|
rfbClientLog("Error allocating memory for desktop name, %lu bytes\n",
|
|
|
|
rfbClientLog("Error allocating memory for desktop name, %lu bytes\n",
|
|
|
|
(unsigned long)client->si.nameLength);
|
|
|
|
(unsigned long)client->si.nameLength);
|
|
|
|