:: commit 7703eaa1ca7be4b1bd1e8c970633da096f92ba02
lib/gterm: Fix long standing bug in genloop() that could cause memory corruption
diff --git a/common/lib/gterm.c b/common/lib/gterm.c
index 70e24a3f..7bc93a84 100644
--- a/common/lib/gterm.c
+++ b/common/lib/gterm.c
@@ -344,6 +344,17 @@ __attribute__((always_inline)) static inline void genloop(struct fb_info *fb, si
uint8_t *img = background->img;
const size_t img_width = background->img_width, img_height = background->img_height, img_pitch = background->pitch, colsize = background->bpp / 8;
+ if (xstart > xend) {
+ size_t tmp = xstart;
+ xstart = xend;
+ xend = tmp;
+ }
+ if (ystart > yend) {
+ size_t tmp = ystart;
+ ystart = yend;
+ yend = tmp;
+ }
+
switch (background->type) {
case IMAGE_TILED:
for (size_t y = ystart; y < yend; y++) {
