Fix out of boundary write on 1x1 terminals
authorTobias Stoeckmann <tobias@stoeckmann.org>
Sun, 19 Feb 2017 15:12:42 +0000 (15:12 +0000)
committerCraig Small <csmall@enc.com.au>
Sat, 19 Aug 2017 13:10:26 +0000 (23:10 +1000)
If a terminal is merely 1x1 in size, setsize() will write a nul byte in
front of the allocated memory, which is an out of boundary write.

tload.c

diff --git a/tload.c b/tload.c
index 8b9fab33f37ca09f4d2b4e4416b4a8f9ef3baa52..7160462ffc450d2e11388a8b28b8ee1e48577364 100644 (file)
--- a/tload.c
+++ b/tload.c
@@ -70,6 +70,8 @@ static void setsize(int i)
                        nrows = win.ws_row;
        }
        scr_size = nrows * ncols;
+       if (scr_size < 2)
+               xerr(EXIT_FAILURE, _("screen too small"));
        if (screen == NULL)
                screen = (char *)xmalloc(scr_size);
        else
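Review bot: The new `scr_size < 2` guard only sees the product after `scr_size = nrows * ncols` has already been evaluated, so it does not protect against the multiplication itself going wrong. `nrows` is taken from `win.ws_row` (and `ncols` presumably from `win.ws_col`), which the terminal controls and which can each be as large as 65535; if these variables are plain `int` (their declarations are outside the hunk), a large reported size can overflow the product, and the value then passed to `xmalloc` would no longer match the real grid. I would validate each dimension before multiplying, for example `if (nrows < 1 || ncols < 1 || nrows > INT_MAX / ncols) xerr(EXIT_FAILURE, _("unsupported screen size"));`, and keep the `< 2` check after it. Separately, the `setsize(int i)` signature suggests this also runs as a signal handler; if so, calling `xerr` there is not async-signal-safe and is worth confirming. The body of `setsize` begins and continues outside this hunk.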