File: CVE-2018-3837.patch

package info (click to toggle)
libsdl2-image 2.0.0%2Bdfsg-3%2Bdeb8u1
  • links: PTS, VCS
  • area: main
  • in suites: jessie
  • size: 2,140 kB
  • sloc: sh: 10,011; ansic: 9,550; makefile: 89
file content (19 lines) | stat: -rw-r--r-- 762 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
 
# HG changeset patch
# User Ryan C. Gordon <icculus@icculus.org>
# Date 1518036231 18000
# Node ID 2938fc80591abeae74b971cbdf966eff3213297e
# Parent  f50c9c46ba52f5a594313774a938844e5cf82b4d
pcx: don't overflow buffer if bytes-per-line is less than image width.

diff -r f50c9c46ba52 -r 2938fc80591a IMG_pcx.c
--- a/IMG_pcx.c	Sun Jan 28 22:10:40 2018 -0800
+++ b/IMG_pcx.c	Wed Feb 07 15:43:51 2018 -0500
@@ -147,7 +147,7 @@
     if (bpl > surface->pitch) {
         error = "bytes per line is too large (corrupt?)";
     }
-    buf = (Uint8 *)SDL_malloc(bpl);
+    buf = (Uint8 *)SDL_calloc(SDL_max(bpl, surface->pitch), 1);
     row = (Uint8 *)surface->pixels;
     for ( y=0; y<surface->h; ++y ) {
         /* decode a scan line to a temporary buffer first */