From 98e945757495ee3feaae85594070a534903ddc7b Mon Sep 17 00:00:00 2001
From: Micha? Janiszewski <janisozaur+sdl2image@gmail.com>
Date: Fri, 28 Sep 2018 22:00:26 +0200
Subject: [PATCH] XCF: check if there's sufficient data in the stream before
 allocating

An XCF file could lie about the size of a string it contains. Perform a
check if there is enough of data in the stream before trying to
allocate the advertised size.
---
 IMG_xcf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/IMG_xcf.c b/IMG_xcf.c
index 1167dd68..8b02135d 100644
--- a/IMG_xcf.c
+++ b/IMG_xcf.c
@@ -225,7 +225,8 @@ static char * read_string (SDL_RWops * src) {
   char * data;
 
   tmp = SDL_ReadBE32 (src);
-  if (tmp > 0) {
+  Sint64 remaining = SDL_RWsize(src) - SDL_RWtell(src);
+  if (tmp > 0 && tmp < remaining) {
     data = (char *) SDL_malloc (sizeof (char) * tmp);
     SDL_RWread (src, data, tmp, 1);
   }