From 79d938c16bf7a14b6d6ee290bcfef3c01f9c4f02 Mon Sep 17 00:00:00 2001 From: Jay Carlson Date: Fri, 27 Mar 2015 11:22:13 -0400 Subject: [PATCH] Avoid divide-by-zero in raw encoding (OSX RealVNC) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OS X RealVNC server crashes out Remmina because the server can provoke bytesPerLine to be zero. Assume this is coding for zero lines. The condition could be checked before the calculation of bytesPerLine. I don’t understand the preconditions of this code to say one way or the other. --- libvncclient/rfbproto.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c index f653850..d01013f 100644 --- a/libvncclient/rfbproto.c +++ b/libvncclient/rfbproto.c @@ -1936,7 +1936,10 @@ HandleRFBServerMessage(rfbClient* client) int y=rect.r.y, h=rect.r.h; bytesPerLine = rect.r.w * client->format.bitsPerPixel / 8; - linesToRead = RFB_BUFFER_SIZE / bytesPerLine; + /* RealVNC 4.x-5.x on OSX can induce bytesPerLine==0, + usually during GPU accel. */ + /* Regardless of cause, do not divide by zero. */ + linesToRead = bytesPerLine ? (RFB_BUFFER_SIZE / bytesPerLine) : 0; while (h > 0) { if (linesToRead > h)