fix stack buffer overflow if icon pic is broken

src/driver/fb_generic.cpp

@@ -816,15 +816,15 @@ bool CFrameBuffer::paintIcon8(const std::string & filename, const int x, const i
 bool CFrameBuffer::paintIcon(const std::string & filename, const int x, const int y,
 			     const int h, const unsigned char offset, bool paint, bool paintBg, const fb_pixel_t colBg)
 {
+	if (!getActive())
+		return false;
+
 	struct rawHeader header;
-	int	 width, height;
+	int	 width = 0, height = 0;
 	fb_pixel_t * data;
 	struct rawIcon tmpIcon;
 	std::map<std::string, rawIcon>::iterator it;
 
-	if (!getActive())
-		return false;
-
 	int  yy = y;
 	bool freeicondata = false;
 	//printf("CFrameBuffer::paintIcon: load %s\n", filename.c_str());fflush(stdout);
@@ -836,6 +836,9 @@ bool CFrameBuffer::paintIcon(const std::string & filename, const int x, const in
 		//printf("CFrameBuffer::paintIcon: check for %s\n", newname.c_str());fflush(stdout);
 
 		data = g_PicViewer->getIcon(newname, &width, &height);
+		if (width < 1 || height < 1){
+			return false;
+		}
 
 		if(data) { //TODO: intercepting of possible full icon cache, that could cause strange behavior while painting of uncached icons
 			int dsize = width*height*sizeof(fb_pixel_t);

src/driver/pictureviewer/pictureviewer.cpp

@@ -783,7 +783,7 @@ fb_pixel_t * CPictureViewer::int_getImage(const std::string & name, int *width,
 	if (access(name.c_str(), R_OK) == -1)
 		return NULL;
 
-	int x, y, load_ret, bpp = 0;
+	int x = 0, y = 0, load_ret = 0, bpp = 0;
 	CFormathandler *fh = NULL;
 	unsigned char * buffer = NULL;
 	fb_pixel_t * ret = NULL;
@@ -795,6 +795,10 @@ fb_pixel_t * CPictureViewer::int_getImage(const std::string & name, int *width,
 		mode_str = "getIcon";
 
   	fh = fh_getsize(name.c_str(), &x, &y, INT_MAX, INT_MAX);
+	if (x < 1 || y < 1){
+		return NULL;
+	}
+
 	size_t bufsize = x * y * 4;
 	if (!checkfreemem(bufsize))
 		return NULL;