wsd, clientsession: guard against negative w/h in clientvisiblearea
Signed-off-by: Miklos Vajna <vmiklos@collabora.com> Change-Id: I34435276afbdc02b6e820b630560608f16f3a0e0pull/8392/head
parent
6f7f0d6ace
commit
c3c80f00a6
Binary file not shown.
|
@ -775,6 +775,16 @@ bool ClientSession::_handleInput(const char *buffer, int length)
|
|||
_splitY = splitY;
|
||||
}
|
||||
|
||||
// Untrusted user input, make sure these are not negative.
|
||||
if (width < 0)
|
||||
{
|
||||
width = 0;
|
||||
}
|
||||
if (height < 0)
|
||||
{
|
||||
height = 0;
|
||||
}
|
||||
|
||||
_clientVisibleArea = Util::Rectangle(x, y, width, height);
|
||||
return forwardToChild(std::string(buffer, length), docBroker);
|
||||
}
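Review bot: The clamp only protects the local `_clientVisibleArea`: the `forwardToChild(std::string(buffer, length), docBroker)` call at the end of the hunk still sends the original message to the child, negative width/height included. If the child parses the same fields it needs the same guard. Otherwise the message should be rejected here before the forward rather than clamped, e.g. `if (width < 0 || height < 0) return false;`, assuming that is how this function drops a malformed command. `x` and `y` come from the same untrusted message and reach `Util::Rectangle` unchecked, and no field has an upper bound; if the rectangle derives its far edges as x + width and y + height, large values could overflow, which cannot be confirmed here because the constructor is not shown. `_handleInput` begins above the hunk, so the parsing of these values is not visible either.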
|
||||
|
|