From fdb6195bbc22e27348732192b3af79e210a8f4d1 Mon Sep 17 00:00:00 2001
From: Jay Sorg
Date: Tue, 18 Oct 2016 15:43:20 -0700
Subject: [PATCH] rail, text length checks

---
 libxrdp/xrdp_orders_rail.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libxrdp/xrdp_orders_rail.c b/libxrdp/xrdp_orders_rail.c
index 68a5d2fa..a07bb2e8 100644
--- a/libxrdp/xrdp_orders_rail.c
+++ b/libxrdp/xrdp_orders_rail.c
@@ -264,6 +264,7 @@ xrdp_orders_send_window_new_update(struct xrdp_orders *self, int window_id,
 /* titleInfo */
 num_chars = g_mbstowcs(0, window_state->title_info, 0);
 num_chars = MIN(num_chars, 2 * 1024);
+ num_chars = MAX(num_chars, 0);
 order_size += 2 * num_chars + 2;
 }
 
@@ -541,6 +542,7 @@ xrdp_orders_send_notify_new_update(struct xrdp_orders *self,
 /* ToolTip (variable) UNICODE_STRING */
 num_chars = g_mbstowcs(0, notify_state->tool_tip, 0);
 num_chars = MIN(num_chars, 2 * 1024);
+ num_chars = MAX(num_chars, 0);
 order_size += 2 * num_chars + 2;
 }
 
@@ -550,10 +552,12 @@ xrdp_orders_send_notify_new_update(struct xrdp_orders *self,
 /* UNICODE_STRING */
 num_chars = g_mbstowcs(0, notify_state->infotip.title, 0);
 num_chars = MIN(num_chars, 2 * 1024);
+ num_chars = MAX(num_chars, 0);
 order_size += 2 * num_chars + 2;
 /* UNICODE_STRING */
 num_chars = g_mbstowcs(0, notify_state->infotip.text, 0);
 num_chars = MIN(num_chars, 2 * 1024);
+ num_chars = MAX(num_chars, 0);
 order_size += 2 * num_chars + 2;
 /* Timeout (4 bytes) */
 /* InfoFlags (4 bytes) */
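Review bot: The `MAX(num_chars, 0)` added after each `MIN(num_chars, 2 * 1024)` only corrects the size estimate accumulated in `order_size`; the code that actually writes the title, tool tip and infotip strings is outside these hunks, so it should be confirmed that it bounds the same strings to the same 0..2048 characters, otherwise the reserved size and the bytes emitted can disagree. A negative `num_chars` presumably means `g_mbstowcs` could not convert the text, and the new line silently counts that as an empty string; a comment such as `/* g_mbstowcs is negative on a failed conversion; count it as an empty string */` would make the intent visible. The same three-line sequence now appears four times (for `title_info` in the first hunk, and for `tool_tip`, `infotip.title` and `infotip.text` in the two `xrdp_orders_send_notify_new_update` hunks), so a small static helper returning the clamped count, with the `2 * 1024` limit given a name, would keep the bounds from drifting apart. Both functions start and end outside the hunks.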