From 160dda776cdcdaeece911ed0bb09eede141e0fb5 Mon Sep 17 00:00:00 2001
From: Jacek Jendrzej
Date: Mon, 22 Jun 2015 19:24:53 +0200
Subject: [PATCH] tuxtxt.cpp: fixheap buffer overflow
---
 lib/libtuxtxt/tuxtxt.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/libtuxtxt/tuxtxt.cpp b/lib/libtuxtxt/tuxtxt.cpp
index 37f738708..91722ee88 100644
--- a/lib/libtuxtxt/tuxtxt.cpp
+++ b/lib/libtuxtxt/tuxtxt.cpp
@@ -4765,7 +4765,8 @@ void RenderChar(int Char, tstPageAttr *Attribute, int zoom, int yoffset)
 for (Pitch = 0; Pitch < sbit->pitch; Pitch++)
 {
 if (sbit_diacrit->pitch > Pitch && sbit_diacrit->height > Row)
- sbitbuffer[Row*sbit->pitch+Pitch] |= sbit_diacrit->buffer[Row*sbit->pitch+Pitch];
+ if((sbit_diacrit->pitch*sbit_diacrit->height) > (Row*sbit->pitch+Pitch))
+ sbitbuffer[Row*sbit->pitch+Pitch] |= sbit_diacrit->buffer[Row*sbit->pitch+Pitch];
 }
 }
 }
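Review bot: The read from `sbit_diacrit->buffer` is still indexed with the base glyph's stride (`Row*sbit->pitch+Pitch`), so the added guard stops the out-of-bounds read but leaves the underlying stride mismatch in place. When the two pitches differ, diacritic rows are fetched from the wrong offsets and the new `if` silently drops pixels. Indexing the source with its own stride, `sbitbuffer[Row*sbit->pitch+Pitch] |= sbit_diacrit->buffer[Row*sbit_diacrit->pitch+Pitch];`, is already bounded by the existing `sbit_diacrit->pitch > Pitch && sbit_diacrit->height > Row` test, assuming the diacritic buffer holds pitch*height bytes, which the new check assumes as well. That would make the nested, unbraced `if` unnecessary. The write into `sbitbuffer` is not bounded in this hunk and its size is declared outside it, as are the enclosing loops of RenderChar, so confirm it holds at least `sbit->pitch * sbit->height` bytes.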