[Bugfix] Use rdr::U32 type for length of strings handled by *CutText functions.
This avoids big buffer overflow when memcpy is called with "-1" argument.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@3607 3789f03b-4d11-0410-bbf8-ca57d06f2519
diff --git a/common/rfb/CMsgReader.cxx b/common/rfb/CMsgReader.cxx
index 0e3d967..488f549 100644
--- a/common/rfb/CMsgReader.cxx
+++ b/common/rfb/CMsgReader.cxx
@@ -60,7 +60,7 @@
void CMsgReader::readServerCutText()
{
is->skip(3);
- int len = is->readU32();
+ rdr::U32 len = is->readU32();
if (len > 256*1024) {
is->skip(len);
fprintf(stderr,"cut text too long (%d bytes) - ignoring\n",len);