From 15cb42b7fd270aa5dc12d097f964d24c33d7f18b Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <[EMAIL REDACTED]>
Date: Wed, 13 May 2026 14:51:28 +0300
Subject: [PATCH] IMG_xcf.c (read_string): add back the positive string size
check
(cherry picked from commit 2eda043e2c4cabd565f7d8e04893fb53efd857ef)
---
src/IMG_xcf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/IMG_xcf.c b/src/IMG_xcf.c
index 15a66dad3..52b9d03e4 100644
--- a/src/IMG_xcf.c
+++ b/src/IMG_xcf.c
@@ -245,7 +245,7 @@ static char *read_string(SDL_IOStream *src)
return data;
}
remaining = SDL_GetIOSize(src) - SDL_TellIO(src);
- if (tmp <= remaining) {
+ if ((Sint32)tmp > 0 && tmp <= remaining) {
data = (char *)SDL_malloc(tmp);
if (data) {
if (SDL_ReadIO(src, data, tmp) == tmp) {