From c625f2e6f764e4e80d2eab871a6ea1491d8b56ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Deuc=D0=B5?= <shurd@sasktel.net>
Date: Sat, 6 May 2023 00:02:26 -0400
Subject: [PATCH] Fix buffer overflow in bitmap movetext()

---
 src/conio/bitmap_con.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/conio/bitmap_con.c b/src/conio/bitmap_con.c
index f2e40cd931..6ba25e90d2 100644
--- a/src/conio/bitmap_con.c
+++ b/src/conio/bitmap_con.c
@@ -1160,9 +1160,12 @@ int bitmap_movetext(int x, int y, int ex, int ey, int tox, int toy)
 			|| x>cio_textinfo.screenwidth
 			|| ex>cio_textinfo.screenwidth
 			|| tox>cio_textinfo.screenwidth
+			|| tox + width > cio_textinfo.screenwidth
 			|| y>cio_textinfo.screenheight
 			|| ey>cio_textinfo.screenheight
-			|| toy>cio_textinfo.screenheight) {
+			|| toy>cio_textinfo.screenheight
+			|| toy + height > cio_textinfo.screenheight
+			) {
 		return(0);
 	}
 
-- 
GitLab