From 1ff2681b423ff388dc89b3930d197d239c4f583b Mon Sep 17 00:00:00 2001 From: ehdgks0627 Date: Tue, 10 Feb 2026 08:21:19 +0900 Subject: [PATCH] VRDP: Fix incorrect index check in QueryClientMonitorRect QueryClientMonitorRect uses '>' instead of '>=' to validate uScreenId, allowing an out-of-range access to m_paRects when the server has more monitors than the client reported. The adjacent IsScreenMatched already uses '>=' correctly. --- src/VBox/RDP/server/vrdpdmap.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/VBox/RDP/server/vrdpdmap.cpp b/src/VBox/RDP/server/vrdpdmap.cpp index 74007b8379f..db20c8f2251 100644 --- a/src/VBox/RDP/server/vrdpdmap.cpp +++ b/src/VBox/RDP/server/vrdpdmap.cpp @@ -690,7 +690,7 @@ VRDPClientDesktopMapMultiMon::VRDPClientDesktopMapMultiMon(VRDPTP *pTP) /* virtual */ void VRDPClientDesktopMapMultiMon::QueryClientMonitorRect (unsigned uScreenId, RGNRECT *pRect) { - if (uScreenId > m_cMonitors) + if (uScreenId >= m_cMonitors) { pRect->x = 0; pRect->y = 0;