changeset 1919:e920355164cf

minimize draw rect before passing it to fl_clip_box to avoid overflows fl_clip_box() uses X11 calls internally that use shorts, so big values can overflow. Reported by: corvid <corvid@lavabit.com>
author Johannes Hofmann <Johannes.Hofmann@gmx.de>
date Fri, 25 Feb 2011 22:55:22 +0100
parents 55af06da5523
children ee491e720a6f f2f755594cf9
files dw/fltkviewbase.cc
diffstat 1 files changed, 11 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/dw/fltkviewbase.cc	Fri Feb 25 08:37:13 2011 +0000
+++ b/dw/fltkviewbase.cc	Fri Feb 25 22:55:22 2011 +0100
@@ -134,13 +134,18 @@
 void FltkViewBase::draw (const core::Rectangle *rect,
                          DrawType type)
 {
-   int X, Y, W, H;
+   int X = translateCanvasXToViewX (rect->x);
+   int Y = translateCanvasYToViewY (rect->y);
+   int W, H;
+
+   // fl_clip_box() can't handle values greater than SHRT_MAX!
+   if (X > x () + w () || Y > y () + h ())
+      return;
    
-   fl_clip_box(translateCanvasXToViewX (rect->x),
-               translateCanvasYToViewY (rect->y),
-               rect->width,
-               rect->height,
-               X, Y, W, H);
+   W = X + rect->width > x () + w () ? x () + w () - X : rect->width;
+   H = Y + rect->height > y () + h () ? y () + h () - Y : rect->height;
+
+   fl_clip_box(X, Y, W, H, X, Y, W, H);
 
    core::Rectangle r (translateViewXToCanvasX (X),
                       translateViewYToCanvasY (Y), W, H);