authorChristian Beier <[email protected]>2010-01-07 18:58:49 +0100
committerJohannes Schindelin <[email protected]>2010-01-07 18:58:49 +0100
commit07008deea297c3e1183f0c9bdeb071b128ff4619 (patch)
tree72f3c35e847d7fe8cac7cc0095a39574d1abd01f
parent6220f13003a0d73d7659bd77fbe29abefa49969f (diff)
libvncserver/font.c: add some checks to rfbDrawChar().
In some cases (bad font data) the coordinates evaluate to <0, causing a segfault in the following memcpy(). [jes: keep the offset, but do not try to segfault] Signed-off-by: Christian Beier <[email protected]> Signed-off-by: Johannes Schindelin <[email protected]>
-rwxr-xr-xlibvncserver/font.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/libvncserver/font.c b/libvncserver/font.c
index 8ba1020..a9091d2 100755
--- a/libvncserver/font.c
+++ b/libvncserver/font.c
@@ -24,7 +24,8 @@ int rfbDrawChar(rfbScreenInfoPtr rfbScreen,rfbFontDataPtr font,
d=*data;
data++;
}
- if(d&0x80)
+ if(d&0x80 && y+j >= 0 && y+j < rfbScreen->height &&
+ x+i >= 0 && x+i < rfbScreen->width)
memcpy(rfbScreen->frameBuffer+(y+j)*rowstride+(x+i)*bpp,colour,bpp);
d<<=1;
}
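Review bot: The added condition on the `if` before `memcpy()` bounds only the destination write into `rfbScreen->frameBuffer`; the glyph read in the context lines (`d=*data; data++;`) is still driven by the same font metadata and has no limit visible in this hunk. If malformed font data is the concern, the source side presumably needs a matching check, for example validating the glyph's width, height and data offset once before the loops, though that depends on whether the font structure records the bitmap's length, which is not shown here. Separately, the `y+j` half of the test does not change in the inner loop and could be hoisted to the row loop, and a short comment such as `/* clip to the framebuffer: bad font metrics can yield off-screen coordinates */` would record why the test exists. rfbDrawChar's body starts and ends outside the hunk, so the loop bounds themselves could not be checked.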