pcx: don't overflow buffer if bytes-per-line is less than image width.

libsdl-org · Feb 7, 2018 · f676999 · f676999
1 parent 62cd8cd
commit f676999
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/IMG_pcx.c b/IMG_pcx.c
@@ -147,7 +147,7 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *src)
     if (bpl > surface->pitch) {
         error = "bytes per line is too large (corrupt?)";
     }
-    buf = (Uint8 *)SDL_malloc(bpl);
+    buf = (Uint8 *)SDL_calloc(SDL_max(bpl, surface->pitch), 1);
     row = (Uint8 *)surface->pixels;
     for ( y=0; y<surface->h; ++y ) {
         /* decode a scan line to a temporary buffer first */