Avoid out-of-bounds memory accesses
This fixes two critical security vulnerabilities that lead to an out-of-bounds memory access with a crafted client framebuffer update request packet. The dimensions of the update from the packet are checked to ensure that they are within the screen dimensions. Thanks to Kevin Chen from the Bitblaze group for the reports in bugs 641802 and 641803. The CVE identifiers for these vulnerabilities are CVE-2011-0904 and CVE-2011-0905.
Showing with 4 additions and 0 deletions