From 23e7c7b72bc5dcac59e1c5605b8aa011534f9106 Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <[EMAIL REDACTED]>
Date: Sun, 1 May 2022 00:21:10 +0300
Subject: [PATCH] IMG_qoi.c: make sure the image size fits into an int without
truncation:
qoi_decode() accepts the size in int.
---
IMG_qoi.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/IMG_qoi.c b/IMG_qoi.c
index 03cc18b..1ac4e6c 100644
--- a/IMG_qoi.c
+++ b/IMG_qoi.c
@@ -24,6 +24,7 @@
*/
#include "SDL_image.h"
+#include <limits.h> /* for INT_MAX */
#ifdef LOAD_QOI
@@ -68,6 +69,11 @@ SDL_Surface *IMG_LoadQOI_RW(SDL_RWops *src)
if ( !data ) {
return NULL;
}
+ if ( size > INT_MAX ) {
+ SDL_free(data);
+ IMG_SetError("QOI image is too big.");
+ return NULL;
+ }
pixel_data = qoi_decode(data, (int)size, &image_info, 4);
SDL_free(data);
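Review bot: The `size > INT_MAX` guard runs only after `data` has been allocated and filled (it has to be freed on this path), so an oversized stream is still buffered in full before it is rejected. If the load call above the hunk reads the whole RWops, as it appears to, a pre-check placed before it would bound that cost for sources that report their size: `if ( SDL_RWsize(src) > INT_MAX ) { IMG_SetError("QOI image is too big."); return NULL; }`. The post-load check should stay as added, because `SDL_RWsize()` returns a negative value when the size is unknown. A short comment on the guard, such as `/* qoi_decode() takes the size as int; reject what the (int) cast would truncate */`, would also tie it to the cast on the following line. The body of IMG_LoadQOI_RW starts and ends outside the hunk, so the declaration of `size` and the load call are not visible here.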