From 7d985f842ac3e396dfcc3418f56f7f0c3a98d659 Mon Sep 17 00:00:00 2001
From: Albrecht Schlosser
Date: Thu, 15 Mar 2018 16:34:09 +0000
Subject: Fix a potential internal stack overflow in Xlib graphics driver.
git-svn-id: file:///fltk/svn/fltk/branches/branch-1.4@12752 ea41ed52-d2ee-0310-a9c1-e6b18d33e121
---
 src/drivers/Xlib/Fl_Xlib_Graphics_Driver.H | 4 +++-
 src/drivers/Xlib/Fl_Xlib_Graphics_Driver.cxx | 15 +++++++++------
 2 files changed, 12 insertions(+), 7 deletions(-)
(limited to 'src/drivers/Xlib')
diff --git a/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.H b/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.H
index 66b270b05..96126cf21 100644
--- a/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.H
+++ b/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.H
@@ -46,6 +46,7 @@ struct _XRegion {
 #include
 #endif
+#define FL_XLIB_GRAPHICS_TRANSLATION_STACK_SIZE (20)
 /** \brief The Xlib-specific graphics class.
@@ -56,7 +57,8 @@ class FL_EXPORT Fl_Xlib_Graphics_Driver : public Fl_Scalable_Graphics_Driver {
 private:
 int offset_x_, offset_y_; // translation between user and graphical coordinates: graphical = user + offset
 unsigned depth_; // depth of translation stack
- int stack_x_[20], stack_y_[20]; // translation stack allowing cumulative translations
+ int stack_x_[FL_XLIB_GRAPHICS_TRANSLATION_STACK_SIZE]; // translation stack allowing cumulative translations
+ int stack_y_[FL_XLIB_GRAPHICS_TRANSLATION_STACK_SIZE];
 int line_delta_;
 virtual void set_current_();
 int clip_max_; // +/- x/y coordinate limit (16-bit coordinate space)
diff --git a/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.cxx b/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.cxx
index 3a04ecb18..7d4cf1298 100644
--- a/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.cxx
+++ b/src/drivers/Xlib/Fl_Xlib_Graphics_Driver.cxx
@@ -263,14 +263,17 @@ Region Fl_Xlib_Graphics_Driver::scale_clip(float f) {
 void Fl_Xlib_Graphics_Driver::translate_all(int dx, int dy) { // reversibly adds dx,dy to the offset between user and graphical coordinates
- stack_x_[depth_] = offset_x_;
- stack_y_[depth_] = offset_y_;
- offset_x_ = stack_x_[depth_] + dx;
- offset_y_ = stack_y_[depth_] + dy;
+ if (depth_ < FL_XLIB_GRAPHICS_TRANSLATION_STACK_SIZE) {
+ stack_x_[depth_] = offset_x_;
+ stack_y_[depth_] = offset_y_;
+ depth_++;
+ } else {
+ Fl::warning("%s: translate stack overflow!", "Fl_Xlib_Graphics_Driver");
+ }
+ offset_x_ += dx;
+ offset_y_ += dy;
 push_matrix();
 translate(dx, dy);
- if (depth_ < sizeof(stack_x_)/sizeof(int)) depth_++;
- else Fl::warning("%s: translate stack overflow!", "Fl_Xlib_Graphics_Driver");
 }
 void Fl_Xlib_Graphics_Driver::untranslate_all() { // undoes previous translate_all()
-- cgit v1.2.3
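Review bot: The `else` branch in translate_all() saves nothing, but `offset_x_ += dx; offset_y_ += dy;` and `push_matrix()` still run, so an overflowed level changes state that the matching untranslate_all() has no stored entry to undo. Only the first line of untranslate_all() is visible here; if it decrements `depth_` and reloads from `stack_x_[depth_]`/`stack_y_[depth_]`, it would presumably restore an outer level's offsets one call too early and leave every later restore shifted by one. A nesting counter that keeps increasing past `FL_XLIB_GRAPHICS_TRANSLATION_STACK_SIZE`, with only the store skipped above the limit, would let untranslate_all() recognise an unsaved level. At minimum the branch should carry a comment such as `// overflow: offsets are not saved, the paired untranslate_all() cannot restore this level`.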