Description: pcx: don't overflow buffer if bytes-per-line is less than image width.
Origin: upstream, https://hg.libsdl.org/SDL_image/rev/2938fc80591a
--- a/IMG_pcx.c
+++ b/IMG_pcx.c
@@ -149,7 +149,7 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *src)
if (bpl > surface->pitch) {
error = "bytes per line is too large (corrupt?)";
}
- buf = malloc(bpl);
+ buf = calloc(SDL_max(bpl, surface->pitch), 1);
row = surface->pixels;
for ( y=0; y<surface->h; ++y ) {
/* decode a scan line to a temporary buffer first */
distrib
>
Mageia
>
5
>
i586
>
media
>
core-updates-src
>
by-pkgid
>
e4215cb95223298434e1358c7e3f03cf
>
files
>
9
