From 445a5a42c500ceb80f8fa7f2c11f3682538033f3 Mon Sep 17 00:00:00 2001
From: Armin Novak
Date: Mon, 22 Oct 2018 16:25:13 +0200
Subject: [PATCH] Fixed CVE-2018-8786

Thanks to Eyal Itkin from Check Point Software Technologies.
---
 libfreerdp/core/update.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/libfreerdp/core/update.c b/libfreerdp/core/update.c
index 5e0757dcb..c2ca42cc4 100644
--- a/libfreerdp/core/update.c
+++ b/libfreerdp/core/update.c
@@ -208,11 +208,9 @@ BITMAP_UPDATE* update_read_bitmap_update(rdpUpdate* update, wStream* s)
 
 if (bitmapUpdate->number > bitmapUpdate->count)
 {
- UINT16 count;
- BITMAP_DATA* newdata;
- count = bitmapUpdate->number * 2;
- newdata = (BITMAP_DATA*) realloc(bitmapUpdate->rectangles,
- sizeof(BITMAP_DATA) * count);
+ UINT32 count = bitmapUpdate->number * 2;
+ BITMAP_DATA* newdata = (BITMAP_DATA*) realloc(bitmapUpdate->rectangles,
+ sizeof(BITMAP_DATA) * count);
 
 if (!newdata)
 goto fail;
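Review bot: Widening the local `count` to `UINT32` only closes the hole if everything that later consumes it is at least as wide, and the hunk does not show that. The body of `update_read_bitmap_update` continues past `goto fail;`, where `count` is presumably stored back into `bitmapUpdate->count`; if that field, or any length derived from it, is still 16 bits, the truncation removed here would reappear at the assignment and the buffer would again be smaller than `number` entries. Please confirm the field widths of `number` and `count` in `BITMAP_UPDATE`. The declaration also deserves a comment recording why the type matters, e.g. `/* number is parsed from the stream; number * 2 must not wrap in 16 bits, or realloc() under-allocates rectangles */`, so a later cleanup does not narrow it again.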