# HG changeset patch
# User Carl Byington <carl@five-ten-sg.com>
# Date 1405365703 25200
# Node ID 2bf2724d86102271ad3fb8d7dffef711688e931f
# Parent  dc6e53600ae2d16b6e31ccb6702976158c387fd3
add range checking on get/set fields

diff -r dc6e53600ae2 -r 2bf2724d8610 src/com/five_ten_sg/connectbot/service/TerminalMonitor.java
--- a/src/com/five_ten_sg/connectbot/service/TerminalMonitor.java	Mon Jul 14 11:51:59 2014 -0700
+++ b/src/com/five_ten_sg/connectbot/service/TerminalMonitor.java	Mon Jul 14 12:21:43 2014 -0700
@@ -417,10 +417,17 @@
 
     public synchronized void setField(int l, int c, char[] data, int offset) {
         Log.i(TAG, "setField()");
-        char[] da = new char[data.length - offset];
-        System.arraycopy(data, offset, da, 0, data.length-offset);
-        if (l > 60000) l = -1;
-        if (c > 60000) c = -1;
+        int len = data.length - offset;
+        char[] da = new char[len];
+        System.arraycopy(data, offset, da, 0, len);
+        if ((l > 60000) || (c > 60000)) {
+            l = -1;
+            c = -1;
+        }
+        else {
+            // ignore setfield outside screen boundaries
+            if ((l >= buffer.height) || (c+len >= buffer.width)) return;
+        }
         buffer.setField(l, c, da);
     }
 
@@ -439,7 +446,12 @@
         arg2[2] = (char)(l & 0x0000ffff);
         arg2[3] = (char)(c & 0x0000ffff);
         int base = 4;
-        System.arraycopy(buffer.charArray[buffer.screenBase + l], c, arg2, base, len);
+        if ((l >= buffer.height) || (c+len >= buffer.width)) {
+            Arrays.fill(arg2, base, len-1, ' ');
+        }
+        else {
+            System.arraycopy(buffer.charArray[buffer.screenBase + l], c, arg2, base, len);
+        }
         monitorWrite(MONITOR_CMD_FIELDVALUE, arg2);
     }