[Commits] SDL_image: xcf: Prevent infinite loop and/or buffer overflow on ...

libsdl.org revision control commits-owner at libsdl.org
Wed Feb 7 13:19:00 PST 2018


details:   https://hg.libsdl.org/SDL_image/rev/c5f9cbb5d2bb
changeset: 568:c5f9cbb5d2bb
user:      Ryan C. Gordon <icculus at icculus.org>
date:      Wed Feb 07 16:18:54 2018 -0500
description:
xcf: Prevent infinite loop and/or buffer overflow on bogus data.

diffstat:

 IMG_xcf.c |  14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diffs (31 lines):

diff -r 2938fc80591a -r c5f9cbb5d2bb IMG_xcf.c
--- a/IMG_xcf.c	Wed Feb 07 15:43:51 2018 -0500
+++ b/IMG_xcf.c	Wed Feb 07 16:18:54 2018 -0500
@@ -483,6 +483,10 @@
   int i, size, count, j, length;
   unsigned char val;
 
+  if (len == 0) {  /* probably bogus data. */
+    return NULL;
+  }
+
   t = load = (unsigned char *) SDL_malloc (len);
   reallen = SDL_RWread (src, t, 1, len);
 
@@ -608,6 +612,16 @@
                 tile = load_tile(src, ox * oy * 6, hierarchy->bpp, ox, oy);
             }
 
+            if (!tile) {
+                if (hierarchy) {
+                    free_xcf_hierarchy(hierarchy);
+                }
+                if (level) {
+                    free_xcf_level(level);
+                }
+                return 1;
+            }
+
             p8 = tile;
             p16 = (Uint16 *) p8;
             p = (Uint32 *) p8;


More information about the commits mailing list