From 234f5aff1acdda7ad71abf9ea3fe8739a9f58471 Mon Sep 17 00:00:00 2001
From: Nick Couchman <vnick@apache.org>
Date: Sat, 16 May 2020 21:12:53 -0400
Subject: [PATCH 1/2] GUACAMOLE-1059: Check array boundary for sound formats.

---
 src/protocols/rdp/channels/rdpsnd/rdpsnd-messages.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/protocols/rdp/channels/rdpsnd/rdpsnd-messages.c b/src/protocols/rdp/channels/rdpsnd/rdpsnd-messages.c
index c057cd11..deec8866 100644
--- a/src/protocols/rdp/channels/rdpsnd/rdpsnd-messages.c
+++ b/src/protocols/rdp/channels/rdpsnd/rdpsnd-messages.c
@@ -296,7 +296,7 @@ void guac_rdpsnd_wave_info_handler(guac_rdp_common_svc* svc,
     rdpsnd->next_pdu_is_wave = TRUE;
 
     /* Reset audio stream if format has changed */
-    if (audio != NULL)
+    if (audio != NULL && format < sizeof(rdpsnd->formats))
         guac_audio_stream_reset(audio, NULL,
                 rdpsnd->formats[format].rate,
                 rdpsnd->formats[format].channels,

From ff34146f5709dbdf6ceaafea9640540db5dcc4f1 Mon Sep 17 00:00:00 2001
From: Nick Couchman <vnick@apache.org>
Date: Sat, 23 May 2020 07:53:05 -0400
Subject: [PATCH 2/2] GUACAMOLE-1059: Log array boundary violation for sound
 formats.

---
 .../rdp/channels/rdpsnd/rdpsnd-messages.c       | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/protocols/rdp/channels/rdpsnd/rdpsnd-messages.c b/src/protocols/rdp/channels/rdpsnd/rdpsnd-messages.c
index deec8866..2256fb27 100644
--- a/src/protocols/rdp/channels/rdpsnd/rdpsnd-messages.c
+++ b/src/protocols/rdp/channels/rdpsnd/rdpsnd-messages.c
@@ -296,11 +296,18 @@ void guac_rdpsnd_wave_info_handler(guac_rdp_common_svc* svc,
     rdpsnd->next_pdu_is_wave = TRUE;
 
     /* Reset audio stream if format has changed */
-    if (audio != NULL && format < sizeof(rdpsnd->formats))
-        guac_audio_stream_reset(audio, NULL,
-                rdpsnd->formats[format].rate,
-                rdpsnd->formats[format].channels,
-                rdpsnd->formats[format].bps);
+    if (audio != NULL) {
+        if (format < sizeof(rdpsnd->formats)) 
+            guac_audio_stream_reset(audio, NULL,
+                    rdpsnd->formats[format].rate,
+                    rdpsnd->formats[format].channels,
+                    rdpsnd->formats[format].bps);
+    
+        else
+            guac_client_log(svc->client, GUAC_LOG_WARNING, "RDP server "
+                    "attempted to specify an invalid audio format. Sound may "
+                    "not work as expected.");
+    }
 
 }