[Commits] SDL_image: xcf: Fix potential buffer overflow on corrupt or mali...

libsdl.org revision control commits-owner at libsdl.org
Wed Sep 26 11:58:38 PDT 2018


details:   https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8
changeset: 585:170d7d32e4a8
user:      Ryan C. Gordon <icculus at icculus.org>
date:      Wed Sep 26 14:58:31 2018 -0400
description:
xcf: Fix potential buffer overflow on corrupt or maliciously-crafted XCF file.

diffstat:

 IMG_xcf.c |  3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diffs (13 lines):

diff -r 8fee51506499 -r 170d7d32e4a8 IMG_xcf.c
--- a/IMG_xcf.c	Sun Jun 17 09:04:01 2018 +0300
+++ b/IMG_xcf.c	Wed Sep 26 14:58:31 2018 -0400
@@ -638,6 +638,9 @@
             p16 = (Uint16 *) p8;
             p = (Uint32 *) p8;
             for (y = ty; y < ty + oy; y++) {
+                if ((ty >= surface->h) || ((tx+ox) > surface->w)) {
+                    break;
+                }
                 row = (Uint32 *) ((Uint8 *) surface->pixels + y * surface->pitch + tx * 4);
                 switch (hierarchy->bpp) {
                 case 4:
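Review bot: the added check inside `for (y = ty; y < ty + oy; y++)` compares `ty`, not `y`, against `surface->h`, so it is loop-invariant and only rejects tiles whose first row is already past the bottom of the surface. A tile with `ty < surface->h` but `ty + oy > surface->h` still reaches the `row = ...` computation for rows where `y >= surface->h`. Suggest testing `y >= surface->h` here, or validating `ty + oy <= surface->h` together with `(tx+ox) > surface->w` once before the loop, since neither condition changes per iteration. The `break` also exits without setting any error in the lines shown, so it is worth confirming that the caller does not treat a partially filled surface from a corrupt file as a successful load.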

