From 836d3868239d35c12016f45ce0e9f224fb2ba436 Mon Sep 17 00:00:00 2001
From: Ailin Nemui <ailin@esf51.localdomain>
Date: Sat, 9 Aug 2014 11:40:37 +0200
Subject: [PATCH] Add bounds check to array access in terminfo driver.

this fixes a crash due to illegal memory access that can occur if
something is printed to the screen on the "terminal resized"
handler. It is not clear to me whether this race condition can be
triggered by external incoming messages, but it might be better safe
than sorry.
---
 src/fe-text/term-terminfo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fe-text/term-terminfo.c b/src/fe-text/term-terminfo.c
index b13426d1..29d3f7eb 100644
--- a/src/fe-text/term-terminfo.c
+++ b/src/fe-text/term-terminfo.c
@@ -293,7 +293,7 @@ void term_window_scroll(TERM_WINDOW *window, int count)
         term_move_reset(vcx, vcy);
 
         /* set the newly scrolled area dirty */
-	for (y = 0; y < window->height; y++)
+	for (y = 0; (window->y+y) < term_height && y < window->height; y++)
 		term_lines_empty[window->y+y] = FALSE;
 }