From 44d5a5689cfb913589ed73875064e5e9001d7a50 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] 0014-tload: Prevent a buffer overflow when row equals nrows.

When max_scale is very small, scale_fact is very small, row is equal to
nrows, p points outside screen, and the write to *p is out-of-bounds.
---
 tload.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tload.c b/tload.c
index 9e99705a..4aa4be17 100644
--- a/tload.c
+++ b/tload.c
@@ -189,7 +189,7 @@ int main(int argc, char **argv)
 		for (i = 1;; ++i) {
 			char *p;
 			row = nrows - (i * scale_fact);
-			if (row < 0)
+			if (row < 0 || row >= nrows)
 				break;
 			if (*(p = screen + row * ncols + col) == ' ')
 				*p = '-';