Message-ID: <7D1FE3106BC07BB1AC2EC2F04FC1D349@eigenstate.org>
In-Reply-To: <66A85B05FD8A4DCC2FBCCBC6BC5F9FFB@gmail.com>
From: ori@eigenstate.org
To: 9front@9front.org
CC: 9front@9front.org
Date: Fri, 05 Feb 2021 13:18:37 -0800
Subject: Re: [9front] drawterm: fix suicide caused by off-by-one write and out-of-bound read in libmemdraw/draw.c (patch)

Quoth boehm.igor@gmail.com:
> for(i=0; i - u = r[0] | (r[1]<<8) | (r[2]<<16) | (r[3]<<24); > + for(j = 0, u = 0 ; j < 4 && r+j < end ; j++) > + u |= r[j] << (8*j); >

This fix seems wrong: 'u = ...' is loading a pixel. Why would we ever want to load *half* a pixel? It seems like we either want to stop early, or ensure we allocate the right size image.
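
Review bot: In the added `for(j = 0, u = 0 ; j < 4 && r+j < end ; j++)` loop, a read that starts fewer than four bytes before `end` exits early and leaves `u` assembled from only the bytes that remain, with the missing high bytes as zero. That keeps the read in bounds, but it turns a buffer-size mismatch into a silently truncated value instead of surfacing it. Consider testing `r+4 <= end` once before the load and leaving the outer loop when it fails, or sizing the buffer so that it always holds a whole number of 4-byte units, and add a comment stating which invariant on `r` and `end` the code relies on.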