From f6769997411b2152ed48d0ec11a062e363bf94fd Mon Sep 17 00:00:00 2001
From: "Ryan C. Gordon" <icculus@icculus.org>
Date: Wed, 7 Feb 2018 15:43:51 -0500
Subject: [PATCH] pcx: don't overflow buffer if bytes-per-line is less than
 image width.

---
 IMG_pcx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/IMG_pcx.c b/IMG_pcx.c
index 64430c04..df73cb1f 100755
--- a/IMG_pcx.c
+++ b/IMG_pcx.c
@@ -147,7 +147,7 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *src)
     if (bpl > surface->pitch) {
         error = "bytes per line is too large (corrupt?)";
     }
-    buf = (Uint8 *)SDL_malloc(bpl);
+    buf = (Uint8 *)SDL_calloc(SDL_max(bpl, surface->pitch), 1);
     row = (Uint8 *)surface->pixels;
     for ( y=0; y<surface->h; ++y ) {
         /* decode a scan line to a temporary buffer first */