Skip to content
Permalink
Browse files Browse the repository at this point in the history
More integer overflow (see bug #187)
Make sure that 'width + alignment' doesn't overflow, otherwise
it could create a SDL_Surface of 'width' but with wrong 'pitch'
  • Loading branch information
1bsyl committed Mar 19, 2022
1 parent 09a2294 commit db1b41a
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions SDL_ttf.c
Expand Up @@ -1257,7 +1257,7 @@ static SDL_Surface* Create_Surface_Solid(int width, int height, SDL_Color fg, Ui
*/
void *pixels, *ptr;
/* Worse case at the end of line pulling 'alignment' extra blank pixels */
Sint64 pitch = width + alignment;
Sint64 pitch = (Sint64)width + (Sint64)alignment;
pitch += alignment;
pitch &= ~alignment;
size = height * pitch + sizeof (void *) + alignment;
Expand Down Expand Up @@ -1321,7 +1321,7 @@ static SDL_Surface* Create_Surface_Shaded(int width, int height, SDL_Color fg, S
*/
void *pixels, *ptr;
/* Worse case at the end of line pulling 'alignment' extra blank pixels */
Sint64 pitch = width + alignment;
Sint64 pitch = (Sint64)width + (Sint64)alignment;
pitch += alignment;
pitch &= ~alignment;
size = height * pitch + sizeof (void *) + alignment;
Expand Down Expand Up @@ -1418,7 +1418,7 @@ static SDL_Surface *Create_Surface_Blended(int width, int height, SDL_Color fg,
Sint64 size;
void *pixels, *ptr;
/* Worse case at the end of line pulling 'alignment' extra blank pixels */
Sint64 pitch = (width + alignment) * 4;
Sint64 pitch = ((Sint64)width + (Sint64)alignment) * 4;
pitch += alignment;
pitch &= ~alignment;
size = height * pitch + sizeof (void *) + alignment;
Expand Down

0 comments on commit db1b41a

Please sign in to comment.