30 lines
1.1 KiB
Plaintext
30 lines
1.1 KiB
Plaintext
$OpenBSD: patch-IMG_lbm_c,v 1.1 2008/03/31 21:19:17 jasper Exp $
|
|
--- IMG_lbm.c.orig Fri Mar 28 18:37:11 2008
|
|
+++ IMG_lbm.c Fri Mar 28 18:39:09 2008
|
|
@@ -30,6 +30,7 @@
|
|
EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
|
|
(http://www.multimania.com/mavati) in December 2003.
|
|
Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
|
|
+ Buffer overflow fix in RLE decompression by David Raulo in January 2008.
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
@@ -321,7 +322,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *src )
|
|
count ^= 0xFF;
|
|
count += 2; /* now it */
|
|
|
|
- if ( !SDL_RWread( src, &color, 1, 1 ) )
|
|
+ if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
|
|
{
|
|
error="error reading BODY chunk";
|
|
goto done;
|
|
@@ -332,7 +333,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *src )
|
|
{
|
|
++count;
|
|
|
|
- if ( !SDL_RWread( src, ptr, count, 1 ) )
|
|
+ if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
|
|
{
|
|
error="error reading BODY chunk";
|
|
goto done;
|