Description: fix invalid data read on bpl == -1 Issue known as TALOS-2019-0821, or CVE-2019-5052. Author: Sam Lantinga <slouken@libsdl.org> Origin: upstream, https://hg.libsdl.org/SDL_image/rev/b920be2b3fc6 --- a/IMG_pcx.c 2019-07-23 11:55:37.921487131 -0300 +++ b/IMG_pcx.c 2019-07-23 11:55:46.429453620 -0300 @@ -148,7 +148,7 @@ goto done; bpl = pcxh.NPlanes * pcxh.BytesPerLine; - if (bpl > surface->pitch) { + if (bpl < 0 || bpl > surface->pitch) { error = "bytes per line is too large (corrupt?)"; goto done; }