From 46e2e46f9b1cdf5545f044ae87cfc70ada419246 Mon Sep 17 00:00:00 2001
From: bptato
Date: Sat, 12 Aug 2023 12:42:07 +0200
Subject: [PATCH] Fix possible buffer overflow in addMultirowsImg

A hack to avoid buffer overrun most likely caused by printing mis-positioned images on lines shorter than their intended line. May be related to 4e464819.
---
 anchor.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/anchor.c b/anchor.c
index b6d121c0e..0736bda64 100644
--- a/anchor.c
+++ b/anchor.c
@@ -614,6 +614,13 @@ addMultirowsImg(Buffer *buf, AnchorList *al)
 a->slave = TRUE;
 a->image = img;
 a->end.pos = pos + ecol - col;
+ /* TODO:
+ * This is a hack to avoid adding images positioned on the wrong
+ * line outside line bounds (which would cause a buffer overrun).
+ * The actual bug is most likely in the image placement code.
+ */
+ if (pos < 0 || a->end.pos > l->size)
+ continue;
 for (k = pos; k < a->end.pos; k++)
 l->propBuf[k] |= PE_IMAGE;
 if (a_href.url) {
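Review bot: The new bounds check runs only after `a->slave`, `a->image` and `a->end.pos` have been written, so a rejected anchor skips the `PE_IMAGE` loop but keeps an `end.pos` beyond the line. Anything else that later walks that anchor's range would still see the out-of-range extent. The anchor is created above the hunk and the enclosing loop continues below it, so this is inferred from the visible lines; if it holds, test the range before filling in the anchor, or reset `a->end.pos` to a valid value before `continue`. The condition also assumes `l->size` is the number of entries in `l->propBuf`, which the hunk does not show; a comment such as `/* propBuf holds l->size entries */` next to the check would record that assumption. Because the skip is silent, a debug-only diagnostic at the `continue` would help track down the placement bug the TODO mentions.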