Validate decoded image dimensions

They are expected to be a certain size, so verify this so no server
tries to do something broken.

diff --git a/core/decoders/tight.js b/core/decoders/tight.js
index b1ee91acc1eff6fce616f9d96e1248f41a2cc611..7695d447b16a583668310f7c62fd53b028efd11d 100644 (file)
--- a/core/decoders/tight.js
+++ b/core/decoders/tight.js
@@ -92,7 +92,7 @@ export default class TightDecoder {
             return false;
         }
 
-        display.imageRect(x, y, "image/jpeg", data);
+        display.imageRect(x, y, width, height, "image/jpeg", data);
 
         return true;
     }

diff --git a/core/decoders/tightpng.js b/core/decoders/tightpng.js
index fbdeac6c2a56fb56582fa31dc8a0fdeb5478731e..82f492de8dbdd3f69f97243bea391f06494fa211 100644 (file)
--- a/core/decoders/tightpng.js
+++ b/core/decoders/tightpng.js
@@ -16,7 +16,7 @@ export default class TightPNGDecoder extends TightDecoder {
             return false;
         }
 
-        display.imageRect(x, y, "image/png", data);
+        display.imageRect(x, y, width, height, "image/png", data);
 
         return true;
     }

diff --git a/core/display.js b/core/display.js
index 097684dbbc2c90d54fdf8e3835c4b0330814b91b..c89571704660f8feadaca87f06ef1a613c362f28 100644 (file)
--- a/core/display.js
+++ b/core/display.js
@@ -359,14 +359,16 @@ export default class Display {
         }
     }
 
-    imageRect(x, y, mime, arr) {
+    imageRect(x, y, width, height, mime, arr) {
         const img = new Image();
         img.src = "data: " + mime + ";base64," + Base64.encode(arr);
         this._renderQ_push({
             'type': 'img',
             'img': img,
             'x': x,
-            'y': y
+            'y': y,
+            'width': width,
+            'height': height
         });
     }
 
@@ -616,6 +618,12 @@ export default class Display {
                     break;
                 case 'img':
                     if (a.img.complete) {
+                        if (a.img.width !== a.width || a.img.height !== a.height) {
+                            Log.Error("Decoded image has incorrect dimensions. Got " +
+                                      a.img.width + "x" + a.img.height + ". Expected " +
+                                      a.width + "x" + a.height + ".");
+                            return;
+                        }
                         this.drawImage(a.img, a.x, a.y);
                     } else {
                         a.img._noVNC_display = this;

diff --git a/docs/API-internal.md b/docs/API-internal.md
index f7346a9ee6c20b528c8f0a105da92010cce5e591..f1519422ee4996afc7805202c86e9537df929150 100644 (file)
--- a/docs/API-internal.md
+++ b/docs/API-internal.md
@@ -103,7 +103,7 @@ None
 | flush              | ()                                                      | Resume processing the render queue unless it's empty
 | fillRect           | (x, y, width, height, color, from_queue)                | Draw a filled in rectangle
 | copyImage          | (old_x, old_y, new_x, new_y, width, height, from_queue) | Copy a rectangular area
-| imageRect          | (x, y, mime, arr)                                       | Draw a rectangle with an image
+| imageRect          | (x, y, width, height, mime, arr)                        | Draw a rectangle with an image
 | startTile          | (x, y, width, height, color)                            | Begin updating a tile
 | subTile            | (tile, x, y, w, h, color)                               | Update a sub-rectangle within the given tile
 | finishTile         | ()                                                      | Draw the current tile to the display