diff -up tigervnc-1.3.0/common/CMakeLists.txt.CVE-2014-0011 tigervnc-1.3.0/common/CMakeLists.txt

--- tigervnc-1.3.0/common/CMakeLists.txt.CVE-2014-0011	2013-07-01 13:42:01.000000000 +0100

+++ tigervnc-1.3.0/common/CMakeLists.txt	2014-02-04 16:59:10.840037314 +0000

@@ -23,3 +23,6 @@ if(CMAKE_COMPILER_IS_GNUCXX AND (CMAKE_S

     set_target_properties(zlib PROPERTIES COMPILE_FLAGS -fPIC)

   endif()

 endif()

+

+# Turn asserts on.

+set_target_properties(rdr rfb PROPERTIES COMPILE_FLAGS -UNDEBUG)

diff -up tigervnc-1.3.0/common/rfb/zrleDecode.h.CVE-2014-0011 tigervnc-1.3.0/common/rfb/zrleDecode.h

--- tigervnc-1.3.0/common/rfb/zrleDecode.h.CVE-2014-0011	2013-07-01 13:41:59.000000000 +0100

+++ tigervnc-1.3.0/common/rfb/zrleDecode.h	2014-02-04 16:17:00.881565540 +0000

@@ -25,9 +25,10 @@

 // FILL_RECT          - fill a rectangle with a single colour

 // IMAGE_RECT         - draw a rectangle of pixel data from a buffer

+#include <stdio.h>

 #include <rdr/InStream.h>

 #include <rdr/ZlibInStream.h>

-#include <assert.h>

+#include <rfb/Exception.h>

 namespace rfb {

@@ -143,7 +144,10 @@ void ZRLE_DECODE (const Rect& r, rdr::In

               len += b;

             } while (b == 255);

-            assert(len <= end - ptr);

+	    if (end - ptr < len) {

+	      fprintf (stderr, "ZRLE decode error\n");

+	      throw Exception ("ZRLE decode error");

+	    }

 #ifdef FAVOUR_FILL_RECT

             int i = ptr - buf;

@@ -193,7 +197,10 @@ void ZRLE_DECODE (const Rect& r, rdr::In

                 len += b;

               } while (b == 255);

-              assert(len <= end - ptr);

+	      if (end - ptr < len) {

+		fprintf (stderr, "ZRLE decode error\n");

+		throw Exception ("ZRLE decode error");

+	      }

             }

             index &= 127;