Fix a buffer overflow on platforms where sizeof(long) > sizeof(int). https://bugs.gentoo.org/show_bug.cgi?id=329031
--- libvncserver/tightvnc-filetransfer/filetransfermsg.c
+++ libvncserver/tightvnc-filetransfer/filetransfermsg.c
@@ -393,7 +393,8 @@
 CreateFileDownloadZeroSizeDataMsg(unsigned long mTime)
 {
 FileTransferMsg fileDownloadZeroSizeDataMsg;
- int length = sz_rfbFileDownloadDataMsg + sizeof(int);
+ uint32_t mTime32 = (uint32_t)mTime;
+ int length = sz_rfbFileDownloadDataMsg + sizeof(mTime32);
 rfbFileDownloadDataMsg *pFDD = NULL;
 char *pFollow = NULL;
@@ -413,7 +414,7 @@
 pFDD->compressedSize = Swap16IfLE(0);
 pFDD->realSize = Swap16IfLE(0);
- memcpy(pFollow, &mTime, sizeof(unsigned long));
+ memcpy(pFollow, &mTime, sizeof(mTime32));
 fileDownloadZeroSizeDataMsg.data = pData;
 fileDownloadZeroSizeDataMsg.length = length;
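Review bot: The narrowing `(uint32_t)mTime` in the first hunk is silent and undocumented, so a reader cannot tell that the trailer after the rfbFileDownloadDataMsg header is apparently meant to be a fixed 4-byte field whatever the platform's `long` is. I would add a comment above the declaration such as `/* mtime trailer is 4 bytes; truncate deliberately so length and the copy below agree */`. The hunk also introduces `uint32_t` without touching the include list, so it is worth confirming that `<stdint.h>` or a project header providing it is already in scope; the includes are outside the hunk. The function body continues past the end of this hunk.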
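Review bot: The new `memcpy` in the second hunk still reads from `&mTime` rather than from the `mTime32` introduced in the first hunk, so `mTime32` is only ever used inside `sizeof`. Bounding the copy to four bytes does remove the write past the `length`-sized buffer, but it copies the first four bytes of an `unsigned long`; on a big-endian platform with a 64-bit `long` those are the high-order bytes, so the peer would receive 0 for any realistic timestamp. The line should be `memcpy(pFollow, &mTime32, sizeof(mTime32));`. Unlike `compressedSize` and `realSize` just above, the value is copied without a byte-order swap; whether the protocol expects that is not visible in this hunk and is worth confirming.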