mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-12-17 22:06:41 +00:00
Code Issues 1 Projects Releases Wiki Activity

rfbsrc: Check for read/write error

Browse source 
Check for read/write error. This prevent undefined behaviour that rely
on unitialized buffer.
This commit is contained in:
Nicolas Dufresne 2016-03-24 18:26:46 -04:00
parent ba93b86011
commit 0eb5722af6
1 changed files with 125 additions and 50 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

175
gst/librfb/rfbdecoder.c
View file

@ -35,16 +35,16 @@ static gboolean rfb_decoder_state_framebuffer_update_rectangle (RfbDecoder *
decoder); decoder);
static gboolean rfb_decoder_state_set_colour_map_entries (RfbDecoder * decoder); static gboolean rfb_decoder_state_set_colour_map_entries (RfbDecoder * decoder);
static gboolean rfb_decoder_state_server_cut_text (RfbDecoder * decoder); static gboolean rfb_decoder_state_server_cut_text (RfbDecoder * decoder);
static void rfb_decoder_raw_encoding (RfbDecoder * decoder, gint start_x, static gboolean rfb_decoder_raw_encoding (RfbDecoder * decoder, gint start_x,
gint start_y, gint rect_w, gint rect_h); gint start_y, gint rect_w, gint rect_h);
static void rfb_decoder_copyrect_encoding (RfbDecoder * decoder, gint start_x, static gboolean rfb_decoder_copyrect_encoding (RfbDecoder * decoder,
gint start_x, gint start_y, gint rect_w, gint rect_h);
static gboolean rfb_decoder_rre_encoding (RfbDecoder * decoder, gint start_x,
gint start_y, gint rect_w, gint rect_h); gint start_y, gint rect_w, gint rect_h);
static void rfb_decoder_rre_encoding (RfbDecoder * decoder, gint start_x, static gboolean rfb_decoder_corre_encoding (RfbDecoder * decoder, gint start_x,
gint start_y, gint rect_w, gint rect_h);
static void rfb_decoder_corre_encoding (RfbDecoder * decoder, gint start_x,
gint start_y, gint rect_w, gint rect_h);
static void rfb_decoder_hextile_encoding (RfbDecoder * decoder, gint start_x,
gint start_y, gint rect_w, gint rect_h); gint start_y, gint rect_w, gint rect_h);
static gboolean rfb_decoder_hextile_encoding (RfbDecoder * decoder,
gint start_x, gint start_y, gint rect_w, gint rect_h);
RfbDecoder * RfbDecoder *
rfb_decoder_new (void) rfb_decoder_new (void)
@ -189,7 +189,9 @@ rfb_decoder_read (RfbDecoder * decoder, guint32 len)
GInputStream *in; GInputStream *in;
GError *err = NULL; GError *err = NULL;
g_return_val_if_fail (decoder->connection != NULL, NULL); if (!decoder->connection)
return FALSE;
g_return_val_if_fail (len > 0, NULL); g_return_val_if_fail (len > 0, NULL);
in = g_io_stream_get_input_stream (G_IO_STREAM (decoder->connection)); in = g_io_stream_get_input_stream (G_IO_STREAM (decoder->connection));
@ -230,7 +232,9 @@ rfb_decoder_send (RfbDecoder * decoder, guint8 * buffer, guint len)
GOutputStream *out; GOutputStream *out;
GError *err = NULL; GError *err = NULL;
g_return_val_if_fail (decoder->connection != NULL, 0); if (!decoder->connection)
return FALSE;
g_return_val_if_fail (buffer != NULL, 0); g_return_val_if_fail (buffer != NULL, 0);
g_return_val_if_fail (len > 0, 0); g_return_val_if_fail (len > 0, 0);
@ -333,7 +337,8 @@ rfb_decoder_state_wait_for_protocol_version (RfbDecoder * decoder)
{ {
gchar version_str[] = "RFB 003.003\n"; gchar version_str[] = "RFB 003.003\n";
rfb_decoder_read (decoder, 12); if (!rfb_decoder_read (decoder, 12))
return FALSE;
g_return_val_if_fail (memcmp (decoder->data, "RFB 003.00", 10) == 0, FALSE); g_return_val_if_fail (memcmp (decoder->data, "RFB 003.00", 10) == 0, FALSE);
g_return_val_if_fail (*(decoder->data + 11) == 0x0a, FALSE); g_return_val_if_fail (*(decoder->data + 11) == 0x0a, FALSE);
@ -365,7 +370,9 @@ rfb_decoder_state_wait_for_protocol_version (RfbDecoder * decoder)
} }
version_str[10] = '0' + decoder->protocol_minor; version_str[10] = '0' + decoder->protocol_minor;
rfb_decoder_send (decoder, (guint8 *) version_str, 12);
if (!rfb_decoder_send (decoder, (guint8 *) version_str, 12))
return FALSE;
decoder->state = rfb_decoder_state_wait_for_security; decoder->state = rfb_decoder_state_wait_for_security;
return TRUE; return TRUE;
@ -380,10 +387,14 @@ rfb_decoder_state_reason (RfbDecoder * decoder)
{ {
gint reason_length; gint reason_length;
rfb_decoder_read (decoder, 4); if (!rfb_decoder_read (decoder, 4))
return FALSE;
reason_length = RFB_GET_UINT32 (decoder->data); reason_length = RFB_GET_UINT32 (decoder->data);
rfb_decoder_read (decoder, reason_length);
if (!rfb_decoder_read (decoder, reason_length))
return FALSE;
GST_WARNING ("Reason by server: %s", decoder->data); GST_WARNING ("Reason by server: %s", decoder->data);
if (decoder->error == NULL) { if (decoder->error == NULL) {
@ -405,7 +416,8 @@ rfb_decoder_state_wait_for_security (RfbDecoder * decoder)
* above. * above.
*/ */
if (IS_VERSION_3_3 (decoder)) { if (IS_VERSION_3_3 (decoder)) {
rfb_decoder_read (decoder, 4); if (!rfb_decoder_read (decoder, 4))
return FALSE;
decoder->security_type = RFB_GET_UINT32 (decoder->data); decoder->security_type = RFB_GET_UINT32 (decoder->data);
GST_DEBUG ("security = %d", decoder->security_type); GST_DEBUG ("security = %d", decoder->security_type);
@ -421,7 +433,8 @@ rfb_decoder_state_wait_for_security (RfbDecoder * decoder)
gint i; gint i;
guint8 *type = NULL; guint8 *type = NULL;
rfb_decoder_read (decoder, 1); if (!rfb_decoder_read (decoder, 1))
return FALSE;
num_type = RFB_GET_UINT8 (decoder->data); num_type = RFB_GET_UINT8 (decoder->data);
if (num_type == 0) { if (num_type == 0) {
@ -429,7 +442,9 @@ rfb_decoder_state_wait_for_security (RfbDecoder * decoder)
return TRUE; return TRUE;
} }
rfb_decoder_read (decoder, num_type); if (!rfb_decoder_read (decoder, num_type))
return FALSE;
decoder->security_type = SECURITY_FAIL; decoder->security_type = SECURITY_FAIL;
/* For now, simply pick the first support security method */ /* For now, simply pick the first support security method */
@ -453,7 +468,8 @@ rfb_decoder_state_wait_for_security (RfbDecoder * decoder)
} }
GST_DEBUG ("security = %d", decoder->security_type); GST_DEBUG ("security = %d", decoder->security_type);
rfb_decoder_send (decoder, type, 1); if (!rfb_decoder_send (decoder, type, 1))
return FALSE;
} }
switch (decoder->security_type) { switch (decoder->security_type) {
@ -502,7 +518,8 @@ rfb_decoder_state_wait_for_security (RfbDecoder * decoder)
des (&des_ctx, challenge + 8, challenge + 8); des (&des_ctx, challenge + 8, challenge + 8);
/* .. and send back to server */ /* .. and send back to server */
rfb_decoder_send (decoder, challenge, 16); if (!rfb_decoder_send (decoder, challenge, 16))
return FALSE;
GST_DEBUG ("Encrypted challenge sent to server"); GST_DEBUG ("Encrypted challenge sent to server");
@ -524,7 +541,9 @@ rfb_decoder_state_wait_for_security (RfbDecoder * decoder)
static gboolean static gboolean
rfb_decoder_state_security_result (RfbDecoder * decoder) rfb_decoder_state_security_result (RfbDecoder * decoder)
{ {
rfb_decoder_read (decoder, 4); if (!rfb_decoder_read (decoder, 4))
return FALSE;
if (RFB_GET_UINT32 (decoder->data) != 0) { if (RFB_GET_UINT32 (decoder->data) != 0) {
GST_WARNING ("Security handshaking failed"); GST_WARNING ("Security handshaking failed");
if (IS_VERSION_3_8 (decoder)) { if (IS_VERSION_3_8 (decoder)) {
@ -598,7 +617,11 @@ rfb_decoder_state_set_encodings (RfbDecoder * decoder)
message = rfb_decoder_message_set_encodings (encoder_list); message = rfb_decoder_message_set_encodings (encoder_list);
rfb_decoder_send (decoder, message, 4 + 4 * g_slist_length (encoder_list)); if (!rfb_decoder_send (decoder, message,
4 + 4 * g_slist_length (encoder_list))) {
g_free (message);
return FALSE;
}
g_free (message); g_free (message);
@ -614,7 +637,10 @@ rfb_decoder_state_send_client_initialisation (RfbDecoder * decoder)
guint8 shared_flag; guint8 shared_flag;
shared_flag = decoder->shared_flag; shared_flag = decoder->shared_flag;
rfb_decoder_send (decoder, &shared_flag, 1);
if (!rfb_decoder_send (decoder, &shared_flag, 1))
return FALSE;
GST_DEBUG ("shared_flag is %d", shared_flag); GST_DEBUG ("shared_flag is %d", shared_flag);
decoder->state = rfb_decoder_state_wait_for_server_initialisation; decoder->state = rfb_decoder_state_wait_for_server_initialisation;
@ -626,7 +652,8 @@ rfb_decoder_state_wait_for_server_initialisation (RfbDecoder * decoder)
{ {
guint32 name_length; guint32 name_length;
rfb_decoder_read (decoder, 24); if (!rfb_decoder_read (decoder, 24))
return FALSE;
decoder->width = RFB_GET_UINT16 (decoder->data + 0); decoder->width = RFB_GET_UINT16 (decoder->data + 0);
decoder->height = RFB_GET_UINT16 (decoder->data + 2); decoder->height = RFB_GET_UINT16 (decoder->data + 2);
@ -657,7 +684,8 @@ rfb_decoder_state_wait_for_server_initialisation (RfbDecoder * decoder)
name_length = RFB_GET_UINT32 (decoder->data + 20); name_length = RFB_GET_UINT32 (decoder->data + 20);
rfb_decoder_read (decoder, name_length); if (!rfb_decoder_read (decoder, name_length))
return FALSE;
decoder->name = g_strndup ((gchar *) (decoder->data), name_length); decoder->name = g_strndup ((gchar *) (decoder->data), name_length);
GST_DEBUG ("name = %s", decoder->name); GST_DEBUG ("name = %s", decoder->name);
@ -714,7 +742,9 @@ rfb_decoder_state_normal (RfbDecoder * decoder)
GST_DEBUG ("decoder_state_normal"); GST_DEBUG ("decoder_state_normal");
rfb_decoder_read (decoder, 1); if (!rfb_decoder_read (decoder, 1))
return FALSE;
message_type = RFB_GET_UINT8 (decoder->data); message_type = RFB_GET_UINT8 (decoder->data);
switch (message_type) { switch (message_type) {
@ -743,7 +773,8 @@ static gboolean
rfb_decoder_state_framebuffer_update (RfbDecoder * decoder) rfb_decoder_state_framebuffer_update (RfbDecoder * decoder)
{ {
rfb_decoder_read (decoder, 3); if (!rfb_decoder_read (decoder, 3))
return FALSE;
decoder->n_rects = RFB_GET_UINT16 (decoder->data + 1); decoder->n_rects = RFB_GET_UINT16 (decoder->data + 1);
GST_DEBUG ("Number of rectangles : %d", decoder->n_rects); GST_DEBUG ("Number of rectangles : %d", decoder->n_rects);
@ -758,8 +789,10 @@ rfb_decoder_state_framebuffer_update_rectangle (RfbDecoder * decoder)
{ {
gint x, y, w, h; gint x, y, w, h;
gint encoding; gint encoding;
gboolean ret = FALSE;
rfb_decoder_read (decoder, 12); if (!rfb_decoder_read (decoder, 12))
return FALSE;
x = RFB_GET_UINT16 (decoder->data + 0) - decoder->offset_x; x = RFB_GET_UINT16 (decoder->data + 0) - decoder->offset_x;
y = RFB_GET_UINT16 (decoder->data + 2) - decoder->offset_y; y = RFB_GET_UINT16 (decoder->data + 2) - decoder->offset_y;
@ -780,34 +813,39 @@ rfb_decoder_state_framebuffer_update_rectangle (RfbDecoder * decoder)
switch (encoding) { switch (encoding) {
case ENCODING_TYPE_RAW: case ENCODING_TYPE_RAW:
rfb_decoder_raw_encoding (decoder, x, y, w, h); ret = rfb_decoder_raw_encoding (decoder, x, y, w, h);
break; break;
case ENCODING_TYPE_COPYRECT: case ENCODING_TYPE_COPYRECT:
rfb_decoder_copyrect_encoding (decoder, x, y, w, h); ret = rfb_decoder_copyrect_encoding (decoder, x, y, w, h);
break; break;
case ENCODING_TYPE_RRE: case ENCODING_TYPE_RRE:
rfb_decoder_rre_encoding (decoder, x, y, w, h); ret = rfb_decoder_rre_encoding (decoder, x, y, w, h);
break; break;
case ENCODING_TYPE_CORRE: case ENCODING_TYPE_CORRE:
rfb_decoder_corre_encoding (decoder, x, y, w, h); ret = rfb_decoder_corre_encoding (decoder, x, y, w, h);
break; break;
case ENCODING_TYPE_HEXTILE: case ENCODING_TYPE_HEXTILE:
rfb_decoder_hextile_encoding (decoder, x, y, w, h); ret = rfb_decoder_hextile_encoding (decoder, x, y, w, h);
break; break;
default: default:
g_critical ("unimplemented encoding\n"); g_critical ("unimplemented encoding\n");
break; break;
} }
if (!ret)
return FALSE;
decoder->n_rects--; decoder->n_rects--;
if (decoder->n_rects == 0) { if (decoder->n_rects == 0) {
decoder->state = NULL; decoder->state = NULL;
} else { } else {
decoder->state = rfb_decoder_state_framebuffer_update_rectangle; decoder->state = rfb_decoder_state_framebuffer_update_rectangle;
} }
return TRUE; return TRUE;
} }
static void static gboolean
rfb_decoder_raw_encoding (RfbDecoder * decoder, gint start_x, gint start_y, rfb_decoder_raw_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
gint rect_w, gint rect_h) gint rect_w, gint rect_h)
{ {
@ -817,8 +855,11 @@ rfb_decoder_raw_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
raw_line_size = rect_w * decoder->bytespp; raw_line_size = rect_w * decoder->bytespp;
size = rect_h * raw_line_size; size = rect_h * raw_line_size;
GST_DEBUG ("Reading %d bytes (%dx%d)", size, rect_w, rect_h); GST_DEBUG ("Reading %d bytes (%dx%d)", size, rect_w, rect_h);
rfb_decoder_read (decoder, size);
if (!rfb_decoder_read (decoder, size))
return FALSE;
frame = frame =
decoder->frame + (((start_y * decoder->rect_width) + decoder->frame + (((start_y * decoder->rect_width) +
@ -830,9 +871,11 @@ rfb_decoder_raw_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
p += raw_line_size; p += raw_line_size;
frame += decoder->line_size; frame += decoder->line_size;
} }
return TRUE;
} }
static void static gboolean
rfb_decoder_copyrect_encoding (RfbDecoder * decoder, gint start_x, gint start_y, rfb_decoder_copyrect_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
gint rect_w, gint rect_h) gint rect_w, gint rect_h)
{ {
@ -840,7 +883,8 @@ rfb_decoder_copyrect_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
gint line_width, copyrect_width; gint line_width, copyrect_width;
guint8 *src, *dst; guint8 *src, *dst;
rfb_decoder_read (decoder, 4); if (!rfb_decoder_read (decoder, 4))
return FALSE;
/* don't forget the offset */ /* don't forget the offset */
src_x = RFB_GET_UINT16 (decoder->data) - decoder->offset_x; src_x = RFB_GET_UINT16 (decoder->data) - decoder->offset_x;
@ -861,6 +905,8 @@ rfb_decoder_copyrect_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
src += line_width; src += line_width;
dst += line_width; dst += line_width;
} }
return TRUE;
} }
static void static void
@ -882,14 +928,16 @@ rfb_decoder_fill_rectangle (RfbDecoder * decoder, gint x, gint y, gint w,
} }
} }
static void static gboolean
rfb_decoder_rre_encoding (RfbDecoder * decoder, gint start_x, gint start_y, rfb_decoder_rre_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
gint rect_w, gint rect_h) gint rect_w, gint rect_h)
{ {
guint32 number_of_rectangles, color; guint32 number_of_rectangles, color;
guint16 x, y, w, h; guint16 x, y, w, h;
rfb_decoder_read (decoder, 4 + decoder->bytespp); if (!rfb_decoder_read (decoder, 4 + decoder->bytespp))
return FALSE;
number_of_rectangles = RFB_GET_UINT32 (decoder->data); number_of_rectangles = RFB_GET_UINT32 (decoder->data);
color = GUINT32_SWAP_LE_BE ((RFB_GET_UINT32 (decoder->data + 4))); color = GUINT32_SWAP_LE_BE ((RFB_GET_UINT32 (decoder->data + 4)));
@ -900,7 +948,9 @@ rfb_decoder_rre_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
while (number_of_rectangles--) { while (number_of_rectangles--) {
rfb_decoder_read (decoder, decoder->bytespp + 8); if (!rfb_decoder_read (decoder, decoder->bytespp + 8))
return FALSE;
color = GUINT32_SWAP_LE_BE ((RFB_GET_UINT32 (decoder->data))); color = GUINT32_SWAP_LE_BE ((RFB_GET_UINT32 (decoder->data)));
x = RFB_GET_UINT16 (decoder->data + decoder->bytespp); x = RFB_GET_UINT16 (decoder->data + decoder->bytespp);
y = RFB_GET_UINT16 (decoder->data + decoder->bytespp + 2); y = RFB_GET_UINT16 (decoder->data + decoder->bytespp + 2);
@ -910,16 +960,20 @@ rfb_decoder_rre_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
/* draw the rectangle in the foreground */ /* draw the rectangle in the foreground */
rfb_decoder_fill_rectangle (decoder, start_x + x, start_y + y, w, h, color); rfb_decoder_fill_rectangle (decoder, start_x + x, start_y + y, w, h, color);
} }
return TRUE;
} }
static void static gboolean
rfb_decoder_corre_encoding (RfbDecoder * decoder, gint start_x, gint start_y, rfb_decoder_corre_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
gint rect_w, gint rect_h) gint rect_w, gint rect_h)
{ {
guint32 number_of_rectangles, color; guint32 number_of_rectangles, color;
guint8 x, y, w, h; guint8 x, y, w, h;
rfb_decoder_read (decoder, 4 + decoder->bytespp); if (!rfb_decoder_read (decoder, 4 + decoder->bytespp))
return FALSE;
number_of_rectangles = RFB_GET_UINT32 (decoder->data); number_of_rectangles = RFB_GET_UINT32 (decoder->data);
color = GUINT32_SWAP_LE_BE ((RFB_GET_UINT32 (decoder->data + 4))); color = GUINT32_SWAP_LE_BE ((RFB_GET_UINT32 (decoder->data + 4)));
g_free (decoder->data); g_free (decoder->data);
@ -931,7 +985,9 @@ rfb_decoder_corre_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
while (number_of_rectangles--) { while (number_of_rectangles--) {
rfb_decoder_read (decoder, decoder->bytespp + 4); if (!rfb_decoder_read (decoder, decoder->bytespp + 4))
return FALSE;
color = GUINT32_SWAP_LE_BE ((RFB_GET_UINT32 (decoder->data))); color = GUINT32_SWAP_LE_BE ((RFB_GET_UINT32 (decoder->data)));
x = RFB_GET_UINT8 (decoder->data + decoder->bytespp); x = RFB_GET_UINT8 (decoder->data + decoder->bytespp);
y = RFB_GET_UINT8 (decoder->data + decoder->bytespp + 1); y = RFB_GET_UINT8 (decoder->data + decoder->bytespp + 1);
@ -943,9 +999,11 @@ rfb_decoder_corre_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
g_free (decoder->data); g_free (decoder->data);
} }
return TRUE;
} }
static void static gboolean
rfb_decoder_hextile_encoding (RfbDecoder * decoder, gint start_x, gint start_y, rfb_decoder_hextile_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
gint rect_w, gint rect_h) gint rect_w, gint rect_h)
{ {
@ -967,7 +1025,9 @@ rfb_decoder_hextile_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
for (y = start_y; y < y_max; y += 16) { for (y = start_y; y < y_max; y += 16) {
for (x = start_x; x < x_max; x += 16) { for (x = start_x; x < x_max; x += 16) {
rfb_decoder_read (decoder, 1); if (!rfb_decoder_read (decoder, 1))
return FALSE;
subencoding = RFB_GET_UINT8 (decoder->data); subencoding = RFB_GET_UINT8 (decoder->data);
if (subencoding & SUBENCODING_RAW) { if (subencoding & SUBENCODING_RAW) {
@ -977,7 +1037,9 @@ rfb_decoder_hextile_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
} }
if (subencoding & SUBENCODING_BACKGROUND) { if (subencoding & SUBENCODING_BACKGROUND) {
rfb_decoder_read (decoder, decoder->bytespp); if (!rfb_decoder_read (decoder, decoder->bytespp))
return FALSE;
background = GUINT32_SWAP_LE_BE ((RFB_GET_UINT32 (decoder->data))); background = GUINT32_SWAP_LE_BE ((RFB_GET_UINT32 (decoder->data)));
} }
rfb_decoder_fill_rectangle (decoder, x, y, rfb_decoder_fill_rectangle (decoder, x, y,
@ -985,12 +1047,16 @@ rfb_decoder_hextile_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
background); background);
if (subencoding & SUBENCODING_FOREGROUND) { if (subencoding & SUBENCODING_FOREGROUND) {
rfb_decoder_read (decoder, decoder->bytespp); if (!rfb_decoder_read (decoder, decoder->bytespp))
return FALSE;
foreground = GUINT32_SWAP_LE_BE ((RFB_GET_UINT32 (decoder->data))); foreground = GUINT32_SWAP_LE_BE ((RFB_GET_UINT32 (decoder->data)));
} }
if (subencoding & SUBENCODING_ANYSUBRECTS) { if (subencoding & SUBENCODING_ANYSUBRECTS) {
rfb_decoder_read (decoder, 1); if (!rfb_decoder_read (decoder, 1))
return FALSE;
nr_subrect = RFB_GET_UINT8 (decoder->data); nr_subrect = RFB_GET_UINT8 (decoder->data);
} else { } else {
continue; continue;
@ -999,7 +1065,8 @@ rfb_decoder_hextile_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
if (subencoding & SUBENCODING_SUBRECTSCOLORED) { if (subencoding & SUBENCODING_SUBRECTSCOLORED) {
guint offset = 0; guint offset = 0;
rfb_decoder_read (decoder, nr_subrect * (2 + decoder->bytespp)); if (!rfb_decoder_read (decoder, nr_subrect * (2 + decoder->bytespp)))
return FALSE;
while (nr_subrect--) { while (nr_subrect--) {
foreground = foreground =
@ -1013,7 +1080,8 @@ rfb_decoder_hextile_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
} else { } else {
guint offset = 0; guint offset = 0;
rfb_decoder_read (decoder, 2 * nr_subrect); if (!rfb_decoder_read (decoder, 2 * nr_subrect))
return FALSE;
while (nr_subrect--) { while (nr_subrect--) {
xy = RFB_GET_UINT8 (decoder->data + offset++); xy = RFB_GET_UINT8 (decoder->data + offset++);
@ -1024,6 +1092,8 @@ rfb_decoder_hextile_encoding (RfbDecoder * decoder, gint start_x, gint start_y,
} }
} }
} }
return TRUE;
} }
static gboolean static gboolean
@ -1040,13 +1110,18 @@ rfb_decoder_state_server_cut_text (RfbDecoder * decoder)
gint cut_text_length; gint cut_text_length;
/* 3 bytes padding, 4 bytes cut_text_length */ /* 3 bytes padding, 4 bytes cut_text_length */
rfb_decoder_read (decoder, 7); if (!rfb_decoder_read (decoder, 7))
return FALSE;
cut_text_length = RFB_GET_UINT32 (decoder->data + 3); cut_text_length = RFB_GET_UINT32 (decoder->data + 3);
rfb_decoder_read (decoder, cut_text_length); if (!rfb_decoder_read (decoder, cut_text_length))
return FALSE;
GST_DEBUG ("rfb_decoder_state_server_cut_text: throw away '%s'", GST_DEBUG ("rfb_decoder_state_server_cut_text: throw away '%s'",
decoder->data); decoder->data);
decoder->state = rfb_decoder_state_normal; decoder->state = rfb_decoder_state_normal;
return TRUE; return TRUE;
} }