diff options
Diffstat (limited to 'ncurses/base/lib_screen.c')
| -rw-r--r-- | ncurses/base/lib_screen.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/ncurses/base/lib_screen.c b/ncurses/base/lib_screen.c index e6aecbdaab47..4aa58ea2a19c 100644 --- a/ncurses/base/lib_screen.c +++ b/ncurses/base/lib_screen.c @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright (c) 1998-2006,2007 Free Software Foundation, Inc. * + * Copyright (c) 1998-2007,2008 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * * copy of this software and associated documentation files (the * @@ -29,12 +29,14 @@ /**************************************************************************** * Author: Zeyd M. Ben-Halim <zmbenhal@netcom.com> 1992,1995 * * and: Eric S. Raymond <esr@snark.thyrsus.com> * - * and: Thomas E. Dickey 1996 on * + * and: Thomas E. Dickey 1996 on * ****************************************************************************/ #include <curses.priv.h> -MODULE_ID("$Id: lib_screen.c,v 1.30 2007/03/10 23:20:41 tom Exp $") +MODULE_ID("$Id: lib_screen.c,v 1.31 2008/08/16 19:05:37 tom Exp $") + +#define MAX_SIZE 0x3fff /* 16k is big enough for a window or pad */ NCURSES_EXPORT(WINDOW *) getwin(FILE *filep) @@ -46,7 +48,11 @@ getwin(FILE *filep) clearerr(filep); (void) fread(&tmp, sizeof(WINDOW), 1, filep); - if (ferror(filep)) + if (ferror(filep) + || tmp._maxy == 0 + || tmp._maxy > MAX_SIZE + || tmp._maxx == 0 + || tmp._maxx > MAX_SIZE) returnWin(0); if (tmp._flags & _ISPAD) { @@ -115,7 +121,7 @@ putwin(WINDOW *win, FILE *filep) T((T_CALLED("putwin(%p,%p)"), win, filep)); if (win != 0) { - size_t len = (win->_maxx + 1); + size_t len = (size_t) (win->_maxx + 1); clearerr(filep); if (fwrite(win, sizeof(WINDOW), 1, filep) != 1 |