From d0bf154098411a7bde2b719a82e1f9b7fe309d36 Mon Sep 17 00:00:00 2001
From: Mamoru TASAKA <mtasaka@fedoraproject.org>
Date: Sat, 8 Feb 2020 21:58:35 +0900
Subject: [PATCH] gravitywell: restict the index accessing to colors[] buffer
to the valid range
gcc10 -fsanitize=address detects an invalid access to bp->colors with the "ci" index
on gravitywell.c line 692, etc. Debugging shows that the value of ci
was negative at the time.
This patch restricts the index to the valid range.
---
hacks/glx/gravitywell.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/hacks/glx/gravitywell.c b/hacks/glx/gravitywell.c
index 7078764..90edcf0 100644
--- a/hacks/glx/gravitywell.c
+++ b/hacks/glx/gravitywell.c
@@ -430,6 +430,8 @@ draw_row (ModeInfo *mi, int w, int y, Bool swap)
polys += 1;
ci = EASE (bp->vtx[vp + 2] / MAX_MASS_COLOR) * bp->ncolors;
+ if (ci < 0) ci = 0;
+ if (ci >= bp->ncolors) ci = bp->ncolors - 1;
bp->col[cp] = bp->colors[ci].red / 65536.0;
bp->col[cp+1] = bp->colors[ci].green / 65536.0;
bp->col[cp+2] = bp->colors[ci].blue / 65536.0;
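Review bot: The two clamps added after `ci = EASE (...) * bp->ncolors;` still leave `ci` at -1 when `bp->ncolors` is 0, because the upper-bound check runs last and assigns `bp->ncolors - 1`. Whether ncolors can be zero is not visible in the hunk, so either guard the lookup with `if (bp->ncolors <= 0)` or record the invariant in a comment such as `/* ncolors >= 1 is guaranteed by init */`. The clamp also runs after the conversion to int; if the product is floating-point, as the division suggests, a NaN or out-of-range value makes that conversion undefined before the check is reached, so clamping the floating value first would be stricter. The same pattern is repeated in the second draw_row hunk and in the draw_gw hunk, and a single static helper taking `ci` and `ncolors` would keep the three sites from drifting apart. Both functions start and end outside the hunks.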
@@ -452,6 +454,8 @@ draw_row (ModeInfo *mi, int w, int y, Bool swap)
bp->vtx[vp + 2] = gridp[x * GRID_SEG + i];
ci = EASE (bp->vtx[vp + 2] / MAX_MASS_COLOR) * bp->ncolors;
+ if (ci < 0) ci = 0;
+ if (ci >= bp->ncolors) ci = bp->ncolors - 1;
bp->col[cp] = bp->colors[ci].red / 65536.0;
bp->col[cp+1] = bp->colors[ci].green / 65536.0;
bp->col[cp+2] = bp->colors[ci].blue / 65536.0;
@@ -689,6 +693,8 @@ draw_gw (ModeInfo *mi)
GLfloat th, color[4];
int ci;
ci = EASE (s->depth / MAX_MASS_COLOR) * bp->ncolors;
+ if (ci < 0) ci = 0;
+ if (ci >= bp->ncolors) ci = bp->ncolors - 1;
color[0] = bp->colors[ci].red / 65536.0;
color[1] = bp->colors[ci].green / 65536.0;
color[2] = bp->colors[ci].blue / 65536.0;
--
2.24.1