diff options
| author | Albrecht Schlosser <albrechts.fltk@online.de> | 2018-03-15 16:34:09 +0000 |
|---|---|---|
| committer | Albrecht Schlosser <albrechts.fltk@online.de> | 2018-03-15 16:34:09 +0000 |
| commit | 7d985f842ac3e396dfcc3418f56f7f0c3a98d659 (patch) | |
| tree | 8a2708b83c29b4936d99295ef569e15e5855735d /src/drivers | |
| parent | 6e4ed88f40d5ff5d5faf19d51f6d60e061ccba57 (diff) | |
Fix a potential internal stack overflow in Xlib graphics driver.
git-svn-id: file:///fltk/svn/fltk/branches/branch-1.4@12752 ea41ed52-d2ee-0310-a9c1-e6b18d33e121
Diffstat (limited to 'src/drivers')
| -rw-r--r-- | src/drivers/Xlib/Fl_Xlib_Graphics_Driver.H | 4 | ||||
| -rw-r--r-- | src/drivers/Xlib/Fl_Xlib_Graphics_Driver.cxx | 15 |
2 files changed, 12 insertions, 7 deletions
diff --git a/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.H b/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.H index 66b270b05..96126cf21 100644 --- a/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.H +++ b/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.H @@ -46,6 +46,7 @@ struct _XRegion { #include <pango/pango.h> #endif +#define FL_XLIB_GRAPHICS_TRANSLATION_STACK_SIZE (20) /** \brief The Xlib-specific graphics class. @@ -56,7 +57,8 @@ class FL_EXPORT Fl_Xlib_Graphics_Driver : public Fl_Scalable_Graphics_Driver { private: int offset_x_, offset_y_; // translation between user and graphical coordinates: graphical = user + offset unsigned depth_; // depth of translation stack - int stack_x_[20], stack_y_[20]; // translation stack allowing cumulative translations + int stack_x_[FL_XLIB_GRAPHICS_TRANSLATION_STACK_SIZE]; // translation stack allowing cumulative translations + int stack_y_[FL_XLIB_GRAPHICS_TRANSLATION_STACK_SIZE]; int line_delta_; virtual void set_current_(); int clip_max_; // +/- x/y coordinate limit (16-bit coordinate space) diff --git a/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.cxx b/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.cxx index 3a04ecb18..7d4cf1298 100644 --- a/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.cxx +++ b/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.cxx @@ -263,14 +263,17 @@ Region Fl_Xlib_Graphics_Driver::scale_clip(float f) { void Fl_Xlib_Graphics_Driver::translate_all(int dx, int dy) { // reversibly adds dx,dy to the offset between user and graphical coordinates - stack_x_[depth_] = offset_x_; - stack_y_[depth_] = offset_y_; - offset_x_ = stack_x_[depth_] + dx; - offset_y_ = stack_y_[depth_] + dy; + if (depth_ < FL_XLIB_GRAPHICS_TRANSLATION_STACK_SIZE) { + stack_x_[depth_] = offset_x_; + stack_y_[depth_] = offset_y_; + depth_++; + } else { + Fl::warning("%s: translate stack overflow!", "Fl_Xlib_Graphics_Driver"); + } + offset_x_ += dx; + offset_y_ += dy; push_matrix(); translate(dx, dy); - if (depth_ < sizeof(stack_x_)/sizeof(int)) depth_++; - else Fl::warning("%s: translate stack overflow!", "Fl_Xlib_Graphics_Driver"); } void Fl_Xlib_Graphics_Driver::untranslate_all() { // undoes previous translate_all() |