From 822207ee09095b8f0a936f6f2d62e020f92a4c24 Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <[EMAIL REDACTED]>
Date: Wed, 13 May 2026 14:55:02 +0300
Subject: [PATCH] IMG_xcf.c (read_string): add back the positive string size
check
---
IMG_xcf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/IMG_xcf.c b/IMG_xcf.c
index c8becfec..61e08918 100644
--- a/IMG_xcf.c
+++ b/IMG_xcf.c
@@ -245,7 +245,7 @@ static char * read_string (SDL_RWops * src) {
return data;
}
- if ((Sint32)tmp <= remaining) {
+ if ((Sint32)tmp > 0 && (Sint32)tmp <= remaining) {
data = (char *) malloc (sizeof (char) * tmp);
if (data) {
SDL_RWread(src, data, tmp, 1);