Description: Fix potential buffer overflow on corrupt or maliciously-crafted XCF file.
 This patch bundles two fixes: the original fix for CVE-2018-3977
 (TALOS-2018-0645), which is actually broken, and the follow-up patch
 (TALOS-2019-0842).
Author: Ryan C. Gordon <icculus@icculus.org>
Origin: upstream, https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8
                  https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10
--- a/IMG_xcf.c	2019-07-27 13:21:45.402211011 -0300
+++ b/IMG_xcf.c	2019-07-27 13:21:45.398211049 -0300
@@ -637,6 +637,9 @@
       p16 = (Uint16 *) p8;
       p   = (Uint32 *) p8;
       for (y=ty; y < ty+oy; y++) {
+    if ((y >= surface->h) || ((tx+ox) > surface->w)) {
+        break;
+    }
     row = (Uint32 *)((Uint8 *)surface->pixels + y*surface->pitch + tx*4);
     switch (hierarchy->bpp) {
     case 4:
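Review bot: The guard added at the top of the `for (y=ty; ...)` loop tests only upper bounds, so it relies on `y`, `tx` and `ox` being non-negative and on `tx+ox` not wrapping. Their declarations and the code that derives them from the file are outside this hunk, so that should be confirmed or made explicit, for example `if (y < 0 || y >= surface->h || tx < 0 || ox < 0 || ox > surface->w - tx) break;`. The width half of the condition does not depend on `y` and could be checked once before the loop. The `break` also drops the rest of the tile silently; if the enclosing function has an error path (it starts and ends outside the hunk), setting an error there would let callers tell a truncated decode of a corrupt XCF from a good one.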
