libvncserver/font.c: add some checks to rfbDrawChar().

In some cases (bad font data) the coordinates evaluate to <0, causing a segfault in the following memcpy(). [jes: keep the offset, but do not try to segfault] Signed-off-by: Christian Beier <dontmind@freeshell.org> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

libvncserver/font.c: add some checks to rfbDrawChar().
In some cases (bad font data) the coordinates evaluate to <0, causing a segfault in the following memcpy(). [jes: keep the offset, but do not try to segfault] Signed-off-by: Christian Beier <dontmind@freeshell.org> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
07008dee · Christian Beier · Johannes Schindelin · 6220f130 · 07008dee
Commit 07008dee authored Jan 07, 2010 by Christian Beier Committed by Johannes Schindelin Jan 07, 2010
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

font.c libvncserver/font.c +2 -1

No files found.
--- a/libvncserver/font.c
+++ b/libvncserver/font.c
@@ -24,7 +24,8 @@ int rfbDrawChar(rfbScreenInfoPtr rfbScreen,rfbFontDataPtr font,
 	d=*data;
 	data++;
      }
-      if(d&0x80)
+      if(d&0x80 && y+j >= 0 && y+j < rfbScreen->height &&
+          x+i >= 0 && x+i < rfbScreen->width)
 	memcpy(rfbScreen->frameBuffer+(y+j)*rowstride+(x+i)*bpp,colour,bpp);
      d<<=1;
    }