xcf: Fix potential buffer overflow on corrupt or maliciously-crafted XCF file.
authorRyan C. Gordon <icculus@icculus.org>
Wed, 26 Sep 2018 14:58:31 -0400
changeset 585170d7d32e4a8
parent 584 8fee51506499
child 586 19beb4a1bb54
xcf: Fix potential buffer overflow on corrupt or maliciously-crafted XCF file.
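--- a/IMG_xcf.c	Sun Jun 17 09:04:01 2018 +0300
+++ b/IMG_xcf.c	Wed Sep 26 14:58:31 2018 -0400
@@ -638,6 +638,9 @@
             p16 = (Uint16 *) p8;
             p = (Uint32 *) p8;
             for (y = ty; y < ty + oy; y++) {
+                if ((ty >= surface->h) || ((tx+ox) > surface->w)) {
+                    break;
+                }
                 row = (Uint32 *) ((Uint8 *) surface->pixels + y * surface->pitch + tx * 4);
                 switch (hierarchy->bpp) {
                 case 4: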
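Review bot: The added guard compares `ty`, the tile's first row, with `surface->h` instead of the loop variable `y`, so its result is the same on every iteration. A tile that starts inside the surface but whose `ty + oy` extends past the bottom edge still reaches the `row` computation for rows at or beyond `surface->h`. Testing the current row, `if ((y >= surface->h) || ((tx+ox) > surface->w)) {`, would bound every write vertically. Whether `ox` and `oy` are already clamped to the surface is decided outside this hunk, so the remaining exposure is inferred rather than confirmed. A one-line comment above the check, e.g. `/* tile geometry comes from the file; never write outside the surface */`, would record why it exists; the enclosing function starts and ends outside the hunk.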