XCF: check if there's sufficient data in the stream before allocating
authorMichał Janiszewski <janisozaur+sdl2image@gmail.com>
Fri, 28 Sep 2018 22:00:26 +0200
changeset 59231263a049d50
parent 591 90a531f221f2
child 593 cec9b7594f75
XCF: check if there's sufficient data in the stream before allocating

An XCF file could lie about the size of a string it contains. Perform a
check if there is enough of data in the stream before trying to
allocate the advertised size.
IMG_xcf.c
     1.1 --- a/IMG_xcf.c	Fri Sep 28 20:56:50 2018 -0700
     1.2 +++ b/IMG_xcf.c	Fri Sep 28 22:00:26 2018 +0200
     1.3 @@ -225,7 +225,8 @@
     1.4    char * data;
     1.5  
     1.6    tmp = SDL_ReadBE32 (src);
     1.7 -  if (tmp > 0) {
     1.8 +  Sint64 remaining = SDL_RWsize(src) - SDL_RWtell(src);
     1.9 +  if (tmp > 0 && tmp < remaining) {
    1.10      data = (char *) SDL_malloc (sizeof (char) * tmp);
    1.11      SDL_RWread (src, data, tmp, 1);
    1.12    }