summaryrefslogtreecommitdiffstats
path: root/abs/extra/sdl_image/SDL_image-IMG_lbm.patch
diff options
context:
space:
mode:
Diffstat (limited to 'abs/extra/sdl_image/SDL_image-IMG_lbm.patch')
-rw-r--r--abs/extra/sdl_image/SDL_image-IMG_lbm.patch28
1 files changed, 28 insertions, 0 deletions
diff --git a/abs/extra/sdl_image/SDL_image-IMG_lbm.patch b/abs/extra/sdl_image/SDL_image-IMG_lbm.patch
new file mode 100644
index 0000000..cc4a29b
--- /dev/null
+++ b/abs/extra/sdl_image/SDL_image-IMG_lbm.patch
@@ -0,0 +1,28 @@
+--- trunk/SDL_image/IMG_lbm.c 2007/07/20 04:37:11 3341
++++ trunk/SDL_image/IMG_lbm.c 2008/01/03 20:05:34 3521
+@@ -28,6 +28,7 @@
+ EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
+ (http://www.multimania.com/mavati) in December 2003.
+ Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
++ Buffer overflow fix in RLE decompression by David Raulo in January 2008.
+ */
+
+ #include <stdio.h>
+@@ -328,7 +329,7 @@
+ count ^= 0xFF;
+ count += 2; /* now it */
+
+- if ( !SDL_RWread( src, &color, 1, 1 ) )
++ if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
+ {
+ error="error reading BODY chunk";
+ goto done;
+@@ -339,7 +340,7 @@
+ {
+ ++count;
+
+- if ( !SDL_RWread( src, ptr, count, 1 ) )
++ if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
+ {
+ error="error reading BODY chunk";
+ goto done;
generated by cgit v0.12 at 2024-04-29 12:54:31 (GMT)