Sophie: SDL_image-1.2.12-14.mga8 src

SDL_image-1.2.12-14.mga8.src.rpm

Info
Deps
Files
Scripts
ChangeLog
Location
Others versions
Analyse

Description: xcf: Prevent infinite loop and/or buffer overflow on bogus data.
Origin: upstream, https://hg.libsdl.org/SDL_image/rev/c5f9cbb5d2bb

--- a/IMG_xcf.c
+++ b/IMG_xcf.c
@@ -466,6 +466,10 @@ static unsigned char * load_xcf_tile_rle (SDL_RWops * src, Uint32 len, int bpp,
   int i, size, count, j, length;
   unsigned char val;
 
+  if (len == 0) {  /* probably bogus data. */
+    return NULL;
+  }
+
   t = load = (unsigned char *) malloc (len);
   reallen = SDL_RWread (src, t, 1, len);
 
@@ -581,6 +585,16 @@ static int do_layer_surface (SDL_Surface * surface, SDL_RWops * src, xcf_header
 	   ox, oy);
       }
 
+      if (!tile) {
+        if (hierarchy) {
+          free_xcf_hierarchy(hierarchy);
+        }
+        if (level) {
+          free_xcf_level(level);
+        }
+        return 1;
+      }
+
       p8  = tile;
       p16 = (Uint16 *) p8;
       p   = (Uint32 *) p8;