Fix buffer overflow reading the selection buffer

Reading from the top-right of the selection buffer could read
past the buffer bounds. Resolve by ensuring the clamped buffer
isn't empty. Relates to #141591.

source/blender/draw/intern/draw_select_buffer.cc

@@ -80,7 +80,7 @@ uint *DRW_select_buffer_read(
   /* Make sure that the rect is within the bounds of the viewport.
    * Some GPUs have problems reading pixels off limits. */
   rcti rect_clamp = *rect;
-  if (BLI_rcti_isect(&r, &rect_clamp, &rect_clamp)) {
+  if (BLI_rcti_isect(&r, &rect_clamp, &rect_clamp) && !BLI_rcti_is_empty(&rect_clamp)) {
     SELECTID_Context *select_ctx = DRW_select_engine_context_get();
     RegionView3D *rv3d = static_cast<RegionView3D *>(region->regiondata);
 

source/blender/gpu/intern/gpu_select.cc

@@ -287,6 +287,8 @@ void GPU_select_buffer_stride_realign(const rcti *src, const rcti *dst, uint *r_
   const int dst_x = BLI_rcti_size_x(dst);
   const int dst_y = BLI_rcti_size_y(dst);
 
+  BLI_assert(dst_x > 0 && dst_y > 0);
+
   int last_px_id = src_x * (y + dst_y - 1) + (x + dst_x - 1);
   memset(&r_buf[last_px_id + 1], 0, (src_x * src_y - (last_px_id + 1)) * sizeof(*r_buf));