# HG changeset patch
# User Ryan C. Gordon <icculus@icculus.org>
# Date 1518036231 18000
# Node ID 2938fc80591abeae74b971cbdf966eff3213297e
# Parent  f50c9c46ba52f5a594313774a938844e5cf82b4d
pcx: don't overflow buffer if bytes-per-line is less than image width.

diff -r f50c9c46ba52 -r 2938fc80591a IMG_pcx.c
--- a/IMG_pcx.c	Sun Jan 28 22:10:40 2018 -0800
+++ b/IMG_pcx.c	Wed Feb 07 15:43:51 2018 -0500
@@ -147,7 +147,7 @@
     if (bpl > surface->pitch) {
         error = "bytes per line is too large (corrupt?)";
     }
-    buf = (Uint8 *)SDL_malloc(bpl);
+    buf = (Uint8 *)SDL_calloc(SDL_max(bpl, surface->pitch), 1);
     row = (Uint8 *)surface->pixels;
     for ( y=0; y<surface->h; ++y ) {
         /* decode a scan line to a temporary buffer first */