From 71fc5b3e9309182978ead676965d65ca93a4e3b9 Mon Sep 17 00:00:00 2001
From: Keith Packard <keithp@keithp.com>
Date: Wed, 2 May 2007 11:41:11 +0200
Subject: [PATCH] Fix for a divide by zero that can be triggered by a malicious
 client.

Problem reported by Derek Abdine of rapid7.com. Thanks.
---
 fb/fbtrap.c         | 3 +++
 render/renderedge.c | 1 +
 2 files changed, 4 insertions(+)

diff --git a/fb/fbtrap.c b/fb/fbtrap.c
index 4c67bcdfb..478a80f4f 100644
--- a/fb/fbtrap.c
+++ b/fb/fbtrap.c
@@ -117,6 +117,9 @@ fbRasterizeTrapezoid (PicturePtr    pPicture,
     RenderEdge	l, r;
     xFixed	t, b;
     
+    if (!xTrapezoidValid (trap))
+	return;
+
     fbGetDrawable (pPicture->pDrawable, buf, stride, bpp, pxoff, pyoff);
 
     width = pPicture->pDrawable->width;
diff --git a/render/renderedge.c b/render/renderedge.c
index 199ec22ee..c2ffabe03 100644
--- a/render/renderedge.c
+++ b/render/renderedge.c
@@ -143,6 +143,7 @@ RenderEdgeInit (RenderEdge	*e,
     dx = x_bot - x_top;
     dy = y_bot - y_top;
     e->dy = dy;
+    e->dx = 0;
     if (dy)
     {
 	if (dx >= 0)