Fixed TALOS-2019-0842 - XCF Image Code Execution Vulnerability

libsdl-org · Jun 11, 2019 · 0c1db6f · 0c1db6f
1 parent b45dfa8
commit 0c1db6f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/IMG_xcf.c b/IMG_xcf.c
@@ -686,7 +686,7 @@ do_layer_surface(SDL_Surface * surface, SDL_RWops * src, xcf_header * head, xcf_
             p16 = (Uint16 *) p8;
             p = (Uint32 *) p8;
             for (y = ty; y < ty + oy; y++) {
-                if ((ty >= surface->h) || ((tx+ox) > surface->w)) {
+                if ((y >= surface->h) || ((tx+ox) > surface->w)) {
                     break;
                 }
                 row = (Uint32 *) ((Uint8 *) surface->pixels + y * surface->pitch + tx * 4);