Commit 71fc5b3e authored by Keith Packard's avatar Keith Packard Committed by Matthieu Herrb
Browse files

Fix for a divide by zero that can be triggered by a malicious client.

Problem reported by Derek Abdine of rapid7.com. Thanks.
parent 873ef75b
...@@ -117,6 +117,9 @@ fbRasterizeTrapezoid (PicturePtr pPicture, ...@@ -117,6 +117,9 @@ fbRasterizeTrapezoid (PicturePtr pPicture,
RenderEdge l, r; RenderEdge l, r;
xFixed t, b; xFixed t, b;
if (!xTrapezoidValid (trap))
return;
fbGetDrawable (pPicture->pDrawable, buf, stride, bpp, pxoff, pyoff); fbGetDrawable (pPicture->pDrawable, buf, stride, bpp, pxoff, pyoff);
width = pPicture->pDrawable->width; width = pPicture->pDrawable->width;
......
...@@ -143,6 +143,7 @@ RenderEdgeInit (RenderEdge *e, ...@@ -143,6 +143,7 @@ RenderEdgeInit (RenderEdge *e,
dx = x_bot - x_top; dx = x_bot - x_top;
dy = y_bot - y_top; dy = y_bot - y_top;
e->dy = dy; e->dy = dy;
e->dx = 0;
if (dy) if (dy)
{ {
if (dx >= 0) if (dx >= 0)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment