From 89e6f357b5c3df73945ad6e85538876e0b9c13ca Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Tue, 24 Sep 2024 11:34:02 +0200
Subject: [PATCH] [utils,smartcard] fix possible integer overflow

---
 libfreerdp/utils/smartcard_call.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libfreerdp/utils/smartcard_call.c b/libfreerdp/utils/smartcard_call.c
index aa1fb264e..9a3b3916d 100644
--- a/libfreerdp/utils/smartcard_call.c
+++ b/libfreerdp/utils/smartcard_call.c
@@ -227,6 +227,7 @@ static LONG smartcard_ListReaderGroupsW_Call(scard_call_context* smartcard, wStr
 
 	ret.msz = (BYTE*)mszGroups;
 
+	WINPR_ASSERT(cchGroups < SCARD_AUTOALLOCATE / sizeof(WCHAR));
 	const size_t blen = sizeof(WCHAR) * cchGroups;
 	WINPR_ASSERT(blen <= UINT32_MAX);
 	ret.cBytes = (UINT32)blen;
@@ -1294,7 +1295,7 @@ static LONG smartcard_StatusW_Call(scard_call_context* smartcard, wStream* out,
 	}
 
 	/* SCardStatusW returns number of characters, we need number of bytes */
-	WINPR_ASSERT(ret.cBytes != SCARD_AUTOALLOCATE);
+	WINPR_ASSERT(ret.cBytes < SCARD_AUTOALLOCATE / sizeof(WCHAR));
 	const size_t blen = sizeof(WCHAR) * ret.cBytes;
 	WINPR_ASSERT(blen <= UINT32_MAX);
 	ret.cBytes = (UINT32)blen;