From 91a1535f88a00bbb2b212b6a808a021aa4f486f8 Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Tue, 16 Apr 2024 08:45:03 +0200
Subject: [PATCH] [codec,ncrush] fix missing input length check

---
 libfreerdp/codec/ncrush.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libfreerdp/codec/ncrush.c b/libfreerdp/codec/ncrush.c
index faf583f3e..eb69da2f4 100644
--- a/libfreerdp/codec/ncrush.c
+++ b/libfreerdp/codec/ncrush.c
@@ -2068,6 +2068,12 @@ int ncrush_decompress(NCRUSH_CONTEXT* ncrush, const BYTE* pSrcData, UINT32 SrcSi
 		return 1;
 	}
 
+	if (SrcSize < 4)
+	{
+		WLog_ERR(TAG, "Input size short: SrcSize %" PRIu32 " < 4", SrcSize);
+		return -1;
+	}
+
 	const BYTE* SrcEnd = &pSrcData[SrcSize];
 	const BYTE* SrcPtr = pSrcData + 4;