Skip to content

Commit

Permalink
Fixed bug 2957 - De-reference rz_src without NULL check in SDLgfx_rot…
Browse files Browse the repository at this point in the history 
…ateSurface function

Nitz

In function SDLgfx_rotateSurface:

rz_dst =
            SDL_CreateRGBSurface(SDL_SWSURFACE, dstwidth, dstheight + GUARD_ROWS,
            rz_src->format->Rmask, rz_src->format->Gmask,
            rz_src->format->Bmask, rz_src->format->Amask);

Here rz_src get De-referenced without NULL check, which is risky.
  • Loading branch information
@slouken
slouken committed Oct 8, 2016
1 parent 8b64a78 commit bf076c2
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions src/render/software/SDL_rotate.c
View file
Expand Up @@ -378,10 +378,12 @@ SDLgfx_rotateSurface(SDL_Surface * src, double angle, int centerx, int centery,
#endif
);
rz_src = SDL_ConvertSurfaceFormat(src, format, src->flags);
if (rz_src == NULL) {
return NULL;
}
is32bit = 1;
}


/* Determine target size */
/* _rotozoomSurfaceSizeTrig(rz_src->w, rz_src->h, angle, &dstwidth, &dstheight, &cangle, &sangle); */

Expand All @@ -394,7 +396,6 @@ SDLgfx_rotateSurface(SDL_Surface * src, double angle, int centerx, int centery,
/*
* Alloc space to completely contain the rotated surface
*/
rz_dst = NULL;
if (is32bit) {
/*
* Target surface is 32bit with source RGBA/ABGR ordering
Expand Down

0 comments on commit bf076c2

Please sign in to comment.