Fix for a divide by zero that can be triggered by a malicious client.

Problem reported by Derek Abdine of rapid7.com. Thanks.
author: Keith Packard <keithp@keithp.com> 2007-05-02 11:41:11 +0200
committer: Matthieu Herrb <matthieu@bluenote.herrb.com> 2007-05-02 11:41:11 +0200
commit: 71fc5b3e9309182978ead676965d65ca93a4e3b9 (patch)
tree: 7cad2b7ebdbd1bea5abf5aa5e9752345384aa54b
parent: 873ef75b1e8c94d39670c981c4d830ab8bcc018b (diff)
2 files changed, 4 insertions, 0 deletions
diff --git a/fb/fbtrap.c b/fb/fbtrap.c
index 4c67bcdfb..478a80f4f 100644
--- a/fb/fbtrap.c
+++ b/fb/fbtrap.c
@@ -117,6 +117,9 @@ fbRasterizeTrapezoid (PicturePtr    pPicture,
     RenderEdge	l, r;
     xFixed	t, b;
     
+    if (!xTrapezoidValid (trap))
+	return;
+
     fbGetDrawable (pPicture->pDrawable, buf, stride, bpp, pxoff, pyoff);
 
     width = pPicture->pDrawable->width;
diff --git a/render/renderedge.c b/render/renderedge.c
index 199ec22ee..c2ffabe03 100644
--- a/render/renderedge.c
+++ b/render/renderedge.c
@@ -143,6 +143,7 @@ RenderEdgeInit (RenderEdge	*e,
     dx = x_bot - x_top;
     dy = y_bot - y_top;
     e->dy = dy;
+    e->dx = 0;
     if (dy)
     {
 	if (dx >= 0)
author	Keith Packard <keithp@keithp.com>	2007-05-02 11:41:11 +0200
committer	Matthieu Herrb <matthieu@bluenote.herrb.com>	2007-05-02 11:41:11 +0200
commit	71fc5b3e9309182978ead676965d65ca93a4e3b9 (patch)
tree	7cad2b7ebdbd1bea5abf5aa5e9752345384aa54b
parent	873ef75b1e8c94d39670c981c4d830ab8bcc018b (diff)