wsd, clientsession: guard against negative w/h in clientvisiblearea
(cherry picked from commit c3c80f00a6
)
Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: I34435276afbdc02b6e820b630560608f16f3a0e0
pull/8448/head
parent
1172d2ff73
commit
54258e8d84
Binary file not shown.
|
@ -775,6 +775,16 @@ bool ClientSession::_handleInput(const char *buffer, int length)
|
|||
_splitY = splitY;
|
||||
}
|
||||
|
||||
// Untrusted user input, make sure these are not negative.
|
||||
if (width < 0)
|
||||
{
|
||||
width = 0;
|
||||
}
|
||||
if (height < 0)
|
||||
{
|
||||
height = 0;
|
||||
}
|
||||
|
||||
_clientVisibleArea = Util::Rectangle(x, y, width, height);
|
||||
return forwardToChild(std::string(buffer, length), docBroker);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue