Commit 71fc5b3e authored by Keith Packard's avatar Keith Packard Committed by Matthieu Herrb
Browse files

Fix for a divide by zero that can be triggered by a malicious client.

Problem reported by Derek Abdine of rapid7.com. Thanks.
parent 873ef75b
......@@ -117,6 +117,9 @@ fbRasterizeTrapezoid (PicturePtr pPicture,
RenderEdge l, r;
xFixed t, b;
if (!xTrapezoidValid (trap))
return;
fbGetDrawable (pPicture->pDrawable, buf, stride, bpp, pxoff, pyoff);
width = pPicture->pDrawable->width;
......
......@@ -143,6 +143,7 @@ RenderEdgeInit (RenderEdge *e,
dx = x_bot - x_top;
dy = y_bot - y_top;
e->dy = dy;
e->dx = 0;
if (dy)
{
if (dx >= 0)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment