draw: add badrect() function to reject zero, negative size or orverly huge rectangles

not checking the rectangle dimensions causes integer overflows and memory corruption. adding a new badrect() function that checks for these cases.
author: cinap_lenrek <cinap_lenrek@gmx.de> 2013-06-16 19:01:46 +0200
committer: cinap_lenrek <cinap_lenrek@gmx.de> 2013-06-16 19:01:46 +0200
commit: 202be57bb94b2bd65db9164bfd94ad2ec5167071 (patch)
tree: a3e9b3e1911dc04058d0a6b320da1763a2919cae /sys/src/libmemdraw/cload.c
parent: e36d9f5c4e667970a4a7aa15744e304ccc7c58f3 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/src/libmemdraw/cload.c b/sys/src/libmemdraw/cload.c
index 5e068cba0..b70c23603 100644
--- a/sys/src/libmemdraw/cload.c
+++ b/sys/src/libmemdraw/cload.c
@@ -9,7 +9,7 @@ cloadmemimage(Memimage *i, Rectangle r, uchar *data, int ndata)
 	int y, bpl, c, cnt, offs;
 	uchar mem[NMEM], *memp, *omemp, *emem, *linep, *elinep, *u, *eu;
 
-	if(!rectinrect(r, i->r))
+	if(badrect(r) || !rectinrect(r, i->r))
 		return -1;
 	bpl = bytesperline(r, i->depth);
 	u = data;
author	cinap_lenrek <cinap_lenrek@gmx.de>	2013-06-16 19:01:46 +0200
committer	cinap_lenrek <cinap_lenrek@gmx.de>	2013-06-16 19:01:46 +0200
commit	202be57bb94b2bd65db9164bfd94ad2ec5167071 (patch)
tree	a3e9b3e1911dc04058d0a6b320da1763a2919cae /sys/src/libmemdraw/cload.c
parent	e36d9f5c4e667970a4a7aa15744e304ccc7c58f3 (diff)