From de175b7f389b24d6e1a896ee39a7e79e85f6aee3 Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Mon, 5 Dec 2022 13:00:07 +0100
Subject: [PATCH] [cache,pointer] ignore pointer cache index violations

If a pointer cache index is out of range for the corresponding size
announced by the capability but within range of the total cache size
only print a warning but do not abort.
---
 libfreerdp/cache/pointer.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/libfreerdp/cache/pointer.c b/libfreerdp/cache/pointer.c
index 81bdf753b..7dcec8b5b 100644
--- a/libfreerdp/cache/pointer.c
+++ b/libfreerdp/cache/pointer.c
@@ -301,7 +301,7 @@ BOOL pointer_cache_put(rdpPointerCache* pointer_cache, UINT32 index, rdpPointer*
 	WINPR_ASSERT(pointer_cache->context);
 
 	const UINT32 size = freerdp_settings_get_uint32(pointer_cache->context->settings, id);
-	if ((index >= pointer_cache->cacheSize) || (index >= size))
+	if (index >= pointer_cache->cacheSize)
 	{
 		WLog_ERR(TAG,
 		         "invalid pointer index:%" PRIu32 " [allocated %" PRIu32 ", %s size %" PRIu32 "]",
@@ -309,6 +309,14 @@ BOOL pointer_cache_put(rdpPointerCache* pointer_cache, UINT32 index, rdpPointer*
 		         colorCache ? "color-pointer-cache" : "pointer-cache", size);
 		return FALSE;
 	}
+	if (index >= size)
+	{
+		WLog_WARN(TAG,
+		          "suspicious pointer index:%" PRIu32 " [allocated %" PRIu32 ", %s size %" PRIu32
+		          "]",
+		          index, pointer_cache->cacheSize,
+		          colorCache ? "color-pointer-cache" : "pointer-cache", size);
+	}
 
 	WINPR_ASSERT(pointer_cache->entries);
 	prevPointer = pointer_cache->entries[index];