blob: 823a2b9cbce5566c9a42d4cca753b159b3dae739 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
# HG changeset patch
# User Ryan C. Gordon <icculus@icculus.org>
# Date 1518036231 18000
# Node ID 2938fc80591abeae74b971cbdf966eff3213297e
# Parent f50c9c46ba52f5a594313774a938844e5cf82b4d
pcx: don't overflow buffer if bytes-per-line is less than image width.
diff -r f50c9c46ba52 -r 2938fc80591a IMG_pcx.c
--- a/IMG_pcx.c Sun Jan 28 22:10:40 2018 -0800
+++ b/IMG_pcx.c Wed Feb 07 15:43:51 2018 -0500
@@ -147,7 +147,7 @@
if (bpl > surface->pitch) {
error = "bytes per line is too large (corrupt?)";
}
- buf = (Uint8 *)SDL_malloc(bpl);
+ buf = (Uint8 *)SDL_calloc(SDL_max(bpl, surface->pitch), 1);
row = (Uint8 *)surface->pixels;
for ( y=0; y<surface->h; ++y ) {
/* decode a scan line to a temporary buffer first */
|