From 19c48e7edb280b4ea36f7a043d9d9f2ec94e3c9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Felipe=20Melchor?= <alvaro.felipe91@gmail.com>
Date: Fri, 31 Jul 2015 22:56:48 +0200
Subject: [PATCH] Fix oob read in prefixline and oob write in
 r_cons_canvas_write

---
 libr/cons/canvas.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libr/cons/canvas.c b/libr/cons/canvas.c
index f2ead2d365..b959160434 100644
--- a/libr/cons/canvas.c
+++ b/libr/cons/canvas.c
@@ -96,11 +96,13 @@ static int get_piece (const char *p, char *chr) {
 }
 
 static char *prefixline(RConsCanvas *c, int *left) {
-	int x;
+	int x, len;
 	char *p;
 	if (!c) return NULL;
+	if (strlen (c->b) < (c->y * c->w)) return NULL;
 	p = c->b + (c->y * c->w);
-	for (x = 0; p[x] && x<c->x; x++) {
+	len = strlen(p)-1;
+	for (x = 0; (p[x] && x<c->x) && x < len; x++) {
 		if (p[x] == '\n')
 			p[x] = ' ';
 	}