Bug 197556 - games-action/0verkill-0.16-r3 server segfaults when a player reaches the bounds of the level
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Games (show other bugs)
Hardware: x86 Linux
Importance: High normal
Assignee: Gentoo Games
URL: http://user.cs.tu-berlin.de/~estar/0v...
Whiteboard:
Keywords:
Depends on:
Blocks:
Reported: 2007-10-30 20:46 UTC by Ewgenij Starostin
Modified: 2007-11-16 06:33 UTC (History)
See Also:
Package list:
Runtime testing required: ---


Attachments
patch to check the lower bounds for x, y indices (0verkill-0.16-area-segv.patch,1.52 KB, patch)
2007-10-30 20:54 UTC, Ewgenij Starostin
Description Ewgenij Starostin 2007-10-30 20:46:09 UTC
When running 0verkill-server and connecting to it with the x0verkill client (both emerged and running on the same machine), moving the player in the client to the top of the level (see image at URL above) causes 0verkill-server to segfault.

Reproducible: Always

Steps to Reproduce:
1. Run 0verkill-server (default settings, loads "level1").
2. Run x0verkill and connect to the server.
3. Reach the top of the level.

Actual Results:  
0verkill-server segfaults; x0verkill and 0verkill-bot processes hang.

Expected Results:  
Motion checks in the server should fail, constraining the player to the level; the server should continue to function.

Snippet of gdb session:
Program received signal SIGSEGV, Segmentation fault.
0x080540e2 in can_go_x (old_x=38912, new_x=37832, yh=-1, yl=12, flag=0x0) at data.c:483
(gdb) print x
$1 = 37
(gdb) print y
$2 = -1

The relevant code accesses a memory region area_a in the fashion area_a[x+y*AREA_X], where x and y are loop indices and AREA_X is constant. The lower bounds for x and y aren’t checked and may become negative, resulting in a negative value of x+y*AREA_X and causing the segmentation fault.

$ emerge --info
Portage 2.1.3.16 (hardened/x86/2.6, gcc-4.2.2, glibc-2.6.1-r0, 2.6.23-hardened i686)
=================================================================
System uname: 2.6.23-hardened i686 Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
Timestamp of tree: Tue, 30 Oct 2007 12:50:01 +0000
app-shells/bash:     3.2_p17-r1
dev-java/java-config: 1.3.7, 2.1.2-r1
dev-lang/python:     2.4.4-r4, 2.5.1-r3
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=nocona -O0 -ggdb3 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=nocona -O0 -ggdb3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="candy collision-protect confcache distlocks installsources metadata-transfer nostrip parallel-fetch sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://213.186.33.37/gentoo-distfiles/"
LANG="en_GB.UTF-8"
LINGUAS="en_GB en en_US de fr es ru"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Ewgenij Starostin 2007-10-30 20:54:33 UTC
Created attachment 134737 [details, diff]
patch to check the lower bounds for x, y indices

This patch adds checks for x and y in the code mentioned above which clip the values to the non-negative range. With it applied, the bug does not occur.

Might it be necessary to check the upper bounds, too?
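An added illustration of the indexing pattern the description names and of the bounds check Comment 1 describes, extended to the upper bounds the comment asks about; this is example code, not 0verkill's source or the attached patch. AREA_X, AREA_Y, the sample level contents and the simplified can_go helper are assumptions standing in for the game's own definitions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed stand-ins for 0verkill's AREA_X and the level height; the
 * real values are not on the bug page. */
#define AREA_X 64
#define AREA_Y 16

/* Constructed sample level: one byte per cell, 0 = free, 1 = wall. */
static unsigned char area_a[AREA_X * AREA_Y];

/* The defect named in the description is the bare area_a[x + y * AREA_X]:
 * with y == -1 (the value gdb printed) the index is negative and the read
 * lands before the array, which is undefined behaviour and the reported
 * SIGSEGV. This accessor instead rejects (x, y) outside
 * [0, AREA_X) x [0, AREA_Y): the lower bounds the patch clips plus the
 * upper bounds Comment 1 asks about. */
static bool cell_in_bounds(int x, int y, unsigned char *out)
{
    if (x < 0 || y < 0 || x >= AREA_X || y >= AREA_Y)
        return false;
    *out = area_a[x + y * AREA_X];
    return true;
}

/* Simplified motion check in the spirit of can_go_x: column x may be
 * entered only if every cell from yh to yl is inside the level and free.
 * Out-of-level cells count as blocked, so the move fails and the player
 * stays inside the level instead of the server crashing. */
static bool can_go(int x, int yh, int yl)
{
    for (int y = yh; y <= yl; y++) {
        unsigned char c;
        if (!cell_in_bounds(x, y, &c) || c != 0)
            return false;
    }
    return true;
}

int main(void)
{
    area_a[5 + 3 * AREA_X] = 1;                          /* constructed wall */
    printf("top of level: %d\n", can_go(37, -1, 12));    /* 0, was a crash */
    printf("inside:       %d\n", can_go(37, 0, 12));     /* 1 */
    printf("into wall:    %d\n", can_go(5, 0, 3));       /* 0 */
    return 0;
}
```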
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2007-11-01 17:43:59 UTC
Was this patch sent upstream?
Comment 3 Ewgenij Starostin 2007-11-01 23:15:59 UTC
No, but I’ve notified the developer re this report.
Comment 4 Mr. Bones. (RETIRED) gentoo-dev 2007-11-16 06:33:29 UTC
in portage.  resync/remerge if this affects you.  thanks for the bug report and patch.