[packages/SDL_image.git] / SDL_image-IMG_lbm.patch

--- trunk/SDL_image/IMG_lbm.c	2007/07/20 04:37:11	3341
+++ trunk/SDL_image/IMG_lbm.c	2008/01/03 20:05:34	3521
@@ -28,6 +28,7 @@
    EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
    (http://www.multimania.com/mavati) in December 2003.
    Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
+   Buffer overflow fix in RLE decompression by David Raulo in January 2008.
 */
 
 #include <stdio.h>
@@ -328,7 +329,7 @@
 						count ^= 0xFF;
 						count += 2; /* now it */
 
-						if ( !SDL_RWread( src, &color, 1, 1 ) )
+						if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
 						{
 						   error="error reading BODY chunk";
 							goto done;
@@ -339,7 +340,7 @@
 					{
 						++count;
 
-						if ( !SDL_RWread( src, ptr, count, 1 ) )
+						if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
 						{
 						   error="error reading BODY chunk";
 							goto done;
Commit	Line	Data
6e0f988d SS	1	--- trunk/SDL_image/IMG_lbm.c 2007/07/20 04:37:11 3341
	2	+++ trunk/SDL_image/IMG_lbm.c 2008/01/03 20:05:34 3521
	3	@@ -28,6 +28,7 @@
	4	EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
	5	(http://www.multimania.com/mavati) in December 2003.
	6	Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
	7	+ Buffer overflow fix in RLE decompression by David Raulo in January 2008.
	8	*/
	9
	10	#include <stdio.h>
	11	@@ -328,7 +329,7 @@
	12	count ^= 0xFF;
	13	count += 2; /* now it */
	14
	15	- if ( !SDL_RWread( src, &color, 1, 1 ) )
	16	+ if ( ( count > remainingbytes ) \|\| !SDL_RWread( src, &color, 1, 1 ) )
	17	{
	18	error="error reading BODY chunk";
	19	goto done;
	20	@@ -339,7 +340,7 @@
	21	{
	22	++count;
	23
	24	- if ( !SDL_RWread( src, ptr, count, 1 ) )
	25	+ if ( ( count > remainingbytes ) \|\| !SDL_RWread( src, ptr, count, 1 ) )
	26	{
	27	error="error reading BODY chunk";
	28	goto done;