From 610362f8c979b2d1aeb98a8d9dfee94fcbad8ec8 Mon Sep 17 00:00:00 2001 From: Lephe Date: Sat, 13 Jun 2020 19:13:01 +0200 Subject: [PATCH] render-cg: fix potential VRAM overflow in gint_dhline() A missing coordinate check in gint_dhline() would allow lines entirely out of bounds of the screen to write pixels outside of their expected range, often wrapping up to the next line, but possibly overflowing from VRAM. --- src/render-cg/dline.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/render-cg/dline.c b/src/render-cg/dline.c index c056c0e..ddc531d 100644 --- a/src/render-cg/dline.c +++ b/src/render-cg/dline.c @@ -7,6 +7,7 @@ void gint_dhline(int x1, int x2, int y, uint16_t color) /* Order and bounds */ if((uint)y >= 224) return; if(x1 > x2) swap(x1, x2); + if(x1 >= 396 || x2 < 0) return; if(x1 < 0) x1 = 0; if(x2 >= 396) x2 = 395;