Sophie

Sophie

distrib > Mageia > 8 > x86_64 > by-pkgid > a48407b9ae23d07a9f26b820f1a114a4 > files > 12

SDL_image-1.2.12-14.mga8.src.rpm

From: Ryan C. Gordon <icculus@icculus.org>
Date: Sun, 4 Nov 2018 23:56:44 +0000
Subject: CVE-2018-3977

xcf: Fix potential buffer overflow on corrupt or maliciously-crafted XCF file.

https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8
---
 IMG_xcf.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/IMG_xcf.c b/IMG_xcf.c
index 064e641..93b6929 100644
--- a/IMG_xcf.c
+++ b/IMG_xcf.c
@@ -634,6 +634,9 @@ static int do_layer_surface (SDL_Surface * surface, SDL_RWops * src, xcf_header
       p16 = (Uint16 *) p8;
       p   = (Uint32 *) p8;
       for (y=ty; y < ty+oy; y++) {
+	if ((ty >= surface->h) || ((tx+ox) > surface->w)) {
+		break;
+	}
 	row = (Uint32 *)((Uint8 *)surface->pixels + y*surface->pitch + tx*4);
 	switch (hierarchy->bpp) {
 	case 4:

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional