From 93f57593b392552a5c532924cb55ca23afdc34b6 Mon Sep 17 00:00:00 2001
From: Explorer09 <explorer09@gmail.com>
Date: Wed, 6 May 2026 13:33:11 +0800
Subject: [PATCH] Prevent another integer overflow in drawScreenTab()

Specifically there's an integer overflow potential in
(x + 1 + SCREEN_TAB_COLUMN_GAP). Fix it with a better clamping logic.

Follow-up of commit e9e80017a180f9f69a3a0805fb856951943951fa

Supersedes #1984.

Signed-off-by: Kang-Che Sung <explorer09@gmail.com>
---
 ScreenManager.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ScreenManager.c b/ScreenManager.c
index 25acde189..f79596c38 100644
--- a/ScreenManager.c
+++ b/ScreenManager.c
@@ -185,9 +185,11 @@ static inline bool drawTab(const int* y, int* x, int l, const char* name, bool c
       return false;
    attrset(CRT_colors[cur ? SCREENS_CUR_BORDER : SCREENS_OTH_BORDER]);
    mvaddch(*y, *x, ']');
-   *x += 1 + SCREEN_TAB_COLUMN_GAP;
-   if (*x >= l)
+   if (*x >= l - (1 + SCREEN_TAB_COLUMN_GAP)) {
+      *x = l;
       return false;
+   }
+   *x += 1 + SCREEN_TAB_COLUMN_GAP;
    return true;
 }