Package: sdl-image1.2 / 1.2.12-12

CVE-2018-3837.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Description: pcx: don't overflow buffer if bytes-per-line is less than image width.
Origin: upstream, https://hg.libsdl.org/SDL_image/rev/2938fc80591a

--- a/IMG_pcx.c
+++ b/IMG_pcx.c
@@ -149,7 +149,7 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *src)
 	if (bpl > surface->pitch) {
 		error = "bytes per line is too large (corrupt?)";
 	}
-	buf = malloc(bpl);
+	buf = calloc(SDL_max(bpl, surface->pitch), 1);
 	row = surface->pixels;
 	for ( y=0; y<surface->h; ++y ) {
 		/* decode a scan line to a temporary buffer first */