Fix for a divide by zero that can be triggered by a malicious client.
Problem reported by Derek Abdine of rapid7.com. Thanks.
This commit is contained in:
parent
873ef75b1e
commit
71fc5b3e93
|
@ -117,6 +117,9 @@ fbRasterizeTrapezoid (PicturePtr pPicture,
|
|||
RenderEdge l, r;
|
||||
xFixed t, b;
|
||||
|
||||
if (!xTrapezoidValid (trap))
|
||||
return;
|
||||
|
||||
fbGetDrawable (pPicture->pDrawable, buf, stride, bpp, pxoff, pyoff);
|
||||
|
||||
width = pPicture->pDrawable->width;
|
||||
|
|
|
@ -143,6 +143,7 @@ RenderEdgeInit (RenderEdge *e,
|
|||
dx = x_bot - x_top;
|
||||
dy = y_bot - y_top;
|
||||
e->dy = dy;
|
||||
e->dx = 0;
|
||||
if (dy)
|
||||
{
|
||||
if (dx >= 0)
|
||||
|
|
Loading…
Reference in New Issue
Block a user