From daa153f9eec9000806cb301fe7f523580d46d724 Mon Sep 17 00:00:00 2001 From: Thomas A Caswell Date: Thu, 6 Jun 2019 22:04:39 -0400 Subject: [PATCH] Backport PR #14461: Fix out of bounds read in backend_tk. --- lib/matplotlib/backends/_backend_tk.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/matplotlib/backends/_backend_tk.py b/lib/matplotlib/backends/_backend_tk.py index c033237306bb..c927afab1fc3 100644 --- a/lib/matplotlib/backends/_backend_tk.py +++ b/lib/matplotlib/backends/_backend_tk.py @@ -71,8 +71,11 @@ def blit(photoimage, aggimage, offsets, bbox=None): dataptr = (height, width, data.ctypes.data) if bbox is not None: (x1, y1), (x2, y2) = bbox.__array__() - bboxptr = (math.floor(x1), math.ceil(x2), - math.floor(y1), math.ceil(y2)) + x1 = max(math.floor(x1), 0) + x2 = min(math.ceil(x2), width) + y1 = max(math.floor(y1), 0) + y2 = min(math.ceil(y2), height) + bboxptr = (x1, x2, y1, y2) else: photoimage.blank() bboxptr = (0, width, 0, height)