Skip to content

Commit

Permalink
xcf: Fix potential buffer overflow on corrupt or maliciously-crafted …
Browse files Browse the repository at this point in the history 
…XCF file.
  • Loading branch information
@icculus
icculus committed Sep 26, 2018
1 parent 7b6f9bc commit 8373c58
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions IMG_xcf.c
View file
Expand Up @@ -638,6 +638,9 @@ do_layer_surface(SDL_Surface * surface, SDL_RWops * src, xcf_header * head, xcf_
p16 = (Uint16 *) p8;
p = (Uint32 *) p8;
for (y = ty; y < ty + oy; y++) {
if ((ty >= surface->h) || ((tx+ox) > surface->w)) {
break;
}
row = (Uint32 *) ((Uint8 *) surface->pixels + y * surface->pitch + tx * 4);
switch (hierarchy->bpp) {
case 4:
Expand Down

0 comments on commit 8373c58

Please sign in to comment.