mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
freerdp3: fix CVE-2026-29775
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29775 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
@@ -0,0 +1,30 @@
|
|||||||
|
From e4bfcb3197787e7af4246366b643c16de99f56a2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Armin Novak <armin.novak@thincast.com>
|
||||||
|
Date: Sat, 28 Feb 2026 11:38:55 +0100
|
||||||
|
Subject: [PATCH] [cache,bitmap] overallocate bitmap cache
|
||||||
|
|
||||||
|
(cherry picked from commit ffad58fd2b329efd81a3239e9d7e3c927b8e503f)
|
||||||
|
|
||||||
|
CVE: CVE-2026-29775
|
||||||
|
Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/ffad58fd2b329efd81a3239e9d7e3c927b8e503f]
|
||||||
|
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
|
||||||
|
---
|
||||||
|
libfreerdp/cache/bitmap.c | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libfreerdp/cache/bitmap.c b/libfreerdp/cache/bitmap.c
|
||||||
|
index dd5ae1d71..0d694dd3f 100644
|
||||||
|
--- a/libfreerdp/cache/bitmap.c
|
||||||
|
+++ b/libfreerdp/cache/bitmap.c
|
||||||
|
@@ -364,7 +364,10 @@ rdpBitmapCache* bitmap_cache_new(rdpContext* context)
|
||||||
|
const UINT32 BitmapCacheV2NumCells =
|
||||||
|
freerdp_settings_get_uint32(settings, FreeRDP_BitmapCacheV2NumCells);
|
||||||
|
bitmapCache->context = context;
|
||||||
|
- bitmapCache->cells = (BITMAP_V2_CELL*)calloc(BitmapCacheV2NumCells, sizeof(BITMAP_V2_CELL));
|
||||||
|
+
|
||||||
|
+ /* overallocate by 1. older RDP servers do send a off by 1 cache index. */
|
||||||
|
+ bitmapCache->cells =
|
||||||
|
+ (BITMAP_V2_CELL*)calloc(BitmapCacheV2NumCells + 1ull, sizeof(BITMAP_V2_CELL));
|
||||||
|
|
||||||
|
if (!bitmapCache->cells)
|
||||||
|
goto fail;
|
||||||
@@ -32,6 +32,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
|
|||||||
file://CVE-2026-24682.patch \
|
file://CVE-2026-24682.patch \
|
||||||
file://CVE-2026-24683.patch \
|
file://CVE-2026-24683.patch \
|
||||||
file://CVE-2026-29774.patch \
|
file://CVE-2026-29774.patch \
|
||||||
|
file://CVE-2026-29775.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
S = "${WORKDIR}/git"
|
S = "${WORKDIR}/git"
|
||||||
|
|||||||
Reference in New Issue
Block a user