
SDL_image-1.2.12-8.2.mga5.src.rpm

Description: bmp: don't overflow palette buffer with bogus biClrUsed values.
Origin: upstream, https://hg.libsdl.org/SDL_image/rev/37445f6180a8

--- a/IMG_bmp.c
+++ b/IMG_bmp.c
@@ -760,6 +760,11 @@
         if (biClrUsed == 0) {
             biClrUsed = 1 << biBitCount;
         }
+        if (biClrUsed > SDL_arraysize(palette)) {
+            IMG_SetError("Unsupported or incorrect biClrUsed field");
+            was_error = SDL_TRUE;
+            goto done;
+        }
         for (i = 0; i < (int) biClrUsed; ++i) {
             SDL_RWread(src, &palette[i], 4, 1);
         }
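Review bot: The palette loop just below the new bounds check still ignores the result of `SDL_RWread(src, &palette[i], 4, 1)`, so a truncated file whose `biClrUsed` passes the check leaves the remaining entries holding whatever was already in the buffer. The declaration of `palette` is outside this hunk; if it is an uninitialised stack array, stale stack bytes could end up in the decoded surface. Failing the load on a short read would close that gap, e.g. `if (!SDL_RWread(src, &palette[i], 4, 1)) { IMG_SetError("Error reading palette"); was_error = SDL_TRUE; goto done; }`. The enclosing function starts and ends outside the hunk, so this assumes the `done` path cleans up as it does for the new check.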