From 898b8efdf2b70b424a01554276553f30cba6cc83 Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Fri, 15 Feb 2013 18:35:44 -0800 Subject: [PATCH] chansrv: fix clipboard crash --- sesman/chansrv/clipboard.c | 2 +- sesman/chansrv/clipboard_file.c | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/sesman/chansrv/clipboard.c b/sesman/chansrv/clipboard.c index 67afbd49..d277d474 100644 --- a/sesman/chansrv/clipboard.c +++ b/sesman/chansrv/clipboard.c @@ -247,7 +247,7 @@ static int g_cliprdr_flags = CB_USE_LONG_FORMAT_NAMES | static int g_formatIds[16]; static int g_num_formatIds = 0; -static int g_file_format_id = 0; +static int g_file_format_id = -1; /*****************************************************************************/ /* this is one way to get the current time from the x server */ diff --git a/sesman/chansrv/clipboard_file.c b/sesman/chansrv/clipboard_file.c index 54a7b46a..121d96a7 100644 --- a/sesman/chansrv/clipboard_file.c +++ b/sesman/chansrv/clipboard_file.c @@ -593,7 +593,17 @@ clipboard_c2s_in_files(struct stream *s, char *file_list) struct clip_file_desc *cfd; char *ptr; + if (!s_check_rem(s, 4)) + { + LLOGLN(0, ("clipboard_c2s_in_files: parse error")); + return 1; + } in_uint32_le(s, cItems); + if (cItems > 64 * 1024) /* sanity check */ + { + LLOGLN(0, ("clipboard_c2s_in_files: error cItems %d too big", cItems)); + return 1; + } fuse_clear_clip_dir(); LLOGLN(10, ("clipboard_c2s_in_files: cItems %d", cItems)); cfd = (struct clip_file_desc *)