From: David Herrmann <dh.herrmann@googlemail.com>
Date: Mon, 1 Oct 2012 10:46:09 +0000 (+0200)
Subject: tsm: screen: fix out-of-bounds access when drawing sb
X-Git-Tag: kmscon-7~431
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=79692f655a507a7bc473dd3846d175ddcb48d85d;p=platform%2Fupstream%2Fkmscon.git

tsm: screen: fix out-of-bounds access when drawing sb

When drawing scroll-back buffer, we cannot guarantee that the lines are as
long as the current screen. Therefore, check that we aren't accessing out
of bounds and draw empty glyphs instead.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
---

diff --git a/src/tsm_screen.c b/src/tsm_screen.c
index 9f900c9..260cd89 100644
--- a/src/tsm_screen.c
+++ b/src/tsm_screen.c
@@ -1306,10 +1306,13 @@ void tsm_screen_draw(struct tsm_screen *con,
 	uint64_t time_prep = 0, time_draw = 0, time_rend = 0;
 	const uint32_t *ch;
 	size_t len;
+	struct cell empty;
 
 	if (!con || !draw_cb)
 		return;
 
+	cell_init(con, &empty);
+
 	cur_x = con->cursor_x;
 	if (con->cursor_x >= con->size_x)
 		cur_x = con->size_x - 1;
@@ -1353,7 +1356,10 @@ void tsm_screen_draw(struct tsm_screen *con,
 		}
 
 		for (j = 0; j < con->size_x; ++j) {
-			cell = &line->cells[j];
+			if (j < line->size)
+				cell = &line->cells[j];
+			else
+				cell = &empty;
 			memcpy(&attr, &cell->attr, sizeof(attr));
 
 			if (k == cur_y + 1 &&