The pad fields of the rfbClientCutTextMsg and rfbKeyEventMsg could contain arbitray memory belonging to the process,
don't leak this to the remote.
Closes #252
libvncclient: zrle.c: Move undef of REALBPP down
rfbproto.c which includes this file expects an undefined REALBPP after the inclusion. Do this whether or not there is zlib available.
- As with the encoder, the decoder now uses the TurboJPEG wrapper, which
allows it to decode JPEG images directly into the framebuffer. This
eliminates a buffer copy (CopyRectangle()) as well as the expensive
RGB pixel conversion in DecompressJpegRectBPP(). The TurboJPEG
wrapper performs RGB pixel conversion more optimally, and only when
necessary (it uses the libjpeg-turbo colorspace extensions when
available, in order to avoid RGB conversion.)
- The other Tight subencoding types are also now decoded directly into
the framebuffer, which eliminates buffer copies.
- The Tight decoder now supports the rfbTightNoZlib extension, which
allows the server to bypass zlib compression when Compression Level 0
is selected. The encoder already supports this extension. Passing
the data stream through zlib when Compression Level 0 is selected
needlessly wastes CPU time, since all zlib is doing is copying the
data internally into its own structures.
It turns out some server implementations (namely VMware ESXi 6.5) expect
1 as the only non-zero value for the SetPixelFormat message whereas the protocol
states every non-zero value is valid
(https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#setpixelformat).
Anyway, setting this to 1 shouldn't hurt.
Fixes #141
Since autotools officially is no longer supported (see various github
issues), drop the related infrastructure to stop tempting people to use
it for building.
Signed-off-by: Bert van Hall <bert.vanhall@gmx.de>
Treat openSSL data structures as opaque to achieve compatibility with
openSSL 1.1.x. While at it, fix order of cleaning up in
open_ssl_connection().
Signed-off-by: Bert van Hall <bert.vanhall@avionic-design.de>
The Ultra type tile decoder does not use the _safe variant of the LZO
decompress function, which allows a maliciuous server to overwrite parts of the
heap by sending a larger-than-specified LZO data stream.