From 79692f655a507a7bc473dd3846d175ddcb48d85d Mon Sep 17 00:00:00 2001 From: David Herrmann Date: Mon, 1 Oct 2012 12:46:09 +0200 Subject: [PATCH] tsm: screen: fix out-of-bounds access when drawing sb When drawing scroll-back buffer, we cannot guarantee that the lines are as long as the current screen. Therefore, check that we aren't accessing out of bounds and draw empty glyphs instead. Signed-off-by: David Herrmann --- src/tsm_screen.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/tsm_screen.c b/src/tsm_screen.c index 9f900c9..260cd89 100644 --- a/src/tsm_screen.c +++ b/src/tsm_screen.c @@ -1306,10 +1306,13 @@ void tsm_screen_draw(struct tsm_screen *con, uint64_t time_prep = 0, time_draw = 0, time_rend = 0; const uint32_t *ch; size_t len; + struct cell empty; if (!con || !draw_cb) return; + cell_init(con, &empty); + cur_x = con->cursor_x; if (con->cursor_x >= con->size_x) cur_x = con->size_x - 1; @@ -1353,7 +1356,10 @@ void tsm_screen_draw(struct tsm_screen *con, } for (j = 0; j < con->size_x; ++j) { - cell = &line->cells[j]; + if (j < line->size) + cell = &line->cells[j]; + else + cell = ∅ memcpy(&attr, &cell->attr, sizeof(attr)); if (k == cur_y + 1 && -- 2.7.4
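Review bot: The new `j < line->size` guard in the cell loop of tsm_screen_draw carries no comment explaining why a line can be narrower than `con->size_x`, so a later cleanup could mistake it for dead code and bring back the read past `line->cells`. I would put `/* sb lines may be shorter than size_x; draw an empty cell instead of reading past line->cells */` directly above the `if`. The declarations of `j` and `line->size` are outside this hunk, so it is worth confirming that the comparison is not a mixed signed/unsigned one. Other code that indexes `line->cells` up to `con->size_x` is not visible here and may rest on the same assumption; a regression test that draws scroll-back lines narrower than the current screen under AddressSanitizer would cover this path and catch any siblings. The function body starts and ends outside the hunk.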