Skip to content
Permalink
Browse files
xcf: Fix potential buffer overflow on corrupt or maliciously-crafted …
…XCF file.
  • Loading branch information
icculus committed Sep 26, 2018
1 parent 7b6f9bc commit 8373c58aa8c66e67e714e7a7caf8bd54ef162eac
Showing 1 changed file with 3 additions and 0 deletions.
@@ -638,6 +638,9 @@ do_layer_surface(SDL_Surface * surface, SDL_RWops * src, xcf_header * head, xcf_
p16 = (Uint16 *) p8;
p = (Uint32 *) p8;
for (y = ty; y < ty + oy; y++) {
if ((ty >= surface->h) || ((tx+ox) > surface->w)) {
break;
}
row = (Uint32 *) ((Uint8 *) surface->pixels + y * surface->pitch + tx * 4);
switch (hierarchy->bpp) {
case 4:

0 comments on commit 8373c58

Please sign in to comment.