Sophie

Sophie

distrib > Mageia > 8 > x86_64 > by-pkgid > a48407b9ae23d07a9f26b820f1a114a4 > files > 9

SDL_image-1.2.12-14.mga8.src.rpm

Description: pcx: don't overflow buffer if bytes-per-line is less than image width.
Origin: upstream, https://hg.libsdl.org/SDL_image/rev/2938fc80591a

--- a/IMG_pcx.c
+++ b/IMG_pcx.c
@@ -149,7 +149,7 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *src)
 	if (bpl > surface->pitch) {
 		error = "bytes per line is too large (corrupt?)";
 	}
-	buf = malloc(bpl);
+	buf = calloc(SDL_max(bpl, surface->pitch), 1);
 	row = surface->pixels;
 	for ( y=0; y<surface->h; ++y ) {
 		/* decode a scan line to a temporary buffer first */