From 3e1dac97ad31f5b51af4de2be06a1ace82575343 Mon Sep 17 00:00:00 2001
From: Kovid Goyal
Date: Sun, 18 Dec 2016 13:58:01 +0530
Subject: [PATCH] Fix a couple of out of bounds memory reads
---
 kitty/line-buf.c | 2 +-
 kitty/screen.c | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/kitty/line-buf.c b/kitty/line-buf.c
index 61876485c..7f86e95d6 100644
--- a/kitty/line-buf.c
+++ b/kitty/line-buf.c
@@ -318,7 +318,7 @@ void linebuf_delete_lines(LineBuf *self, index_type num, index_type y, index_typ
 for (i = y; i < y + num; i++) {
 self->scratch[i] = self->line_map[i];
 }
- for (i = y; i < ylimit; i++) {
+ for (i = y; i < ylimit && i + num < self->ynum; i++) {
 self->line_map[i] = self->line_map[i + num];
 self->continued_map[i] = self->continued_map[i + num];
 }
diff --git a/kitty/screen.c b/kitty/screen.c
index 821e78e76..1241d9825 100644
--- a/kitty/screen.c
+++ b/kitty/screen.c
@@ -110,8 +110,9 @@ screen_resize(Screen *self, unsigned int lines, unsigned int columns) {
 Py_CLEAR(self->main_linebuf); self->main_linebuf = n;
 bool index_after_resize = false;
 if (is_main) {
- linebuf_init_line(self->main_linebuf, self->cursor->y);
- if (is_x_shrink && (self->main_linebuf->continued_map[self->cursor->y] || line_length(self->main_linebuf->line) > columns)) {
+ index_type cy = MIN(self->cursor->y, lines - 1);
+ linebuf_init_line(self->main_linebuf, cy);
+ if (is_x_shrink && (self->main_linebuf->continued_map[cy] || line_length(self->main_linebuf->line) > columns)) {
 // If the client is in line drawing mode, it will redraw the cursor
 // line, this can cause rendering artifacts, so ensure that the
 // cursor is on a new line
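Review bot: The first loop in this hunk, `for (i = y; i < y + num; i++)`, still reads `self->line_map[i]` and writes `self->scratch[i]` with no visible bound against `self->ynum`; the added `i + num < self->ynum` condition protects only the shifting loop below it. linebuf_delete_lines starts before the hunk and continues after it, so `y` and `num` may already be clamped there, but if they are not, the same out-of-range index is still reachable through the first loop. Clamping once ahead of both loops would cover them together, e.g. `if (y >= self->ynum) return;` followed by `num = MIN(num, self->ynum - y);` (assuming the MIN macro used in screen.c is available in this file). If the arguments are validated earlier, a short comment on the new condition naming the case it guards would keep a later cleanup from removing it.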
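Review bot: `lines - 1` in `index_type cy = MIN(self->cursor->y, lines - 1);` wraps to the largest unsigned value when `lines` is 0, so the clamp then does nothing and `continued_map[cy]` is again indexed by the raw cursor row. screen_resize begins before this hunk and its body continues past it, so a zero `lines` may already be rejected earlier; if it is not, narrowing the guard to `if (is_main && lines > 0) {` keeps the block from indexing an empty buffer. `self->cursor->y` itself is left unclamped, so any later use of it against the resized buffer would need `cy` (or a clamped cursor) as well.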