SDL_image: IMG_xcf.c (read_string): add back the positive string size check

SDLPushPostBot · May 13, 2026, 11:56am

From d23a437d9b620cfca437ffa5aa332799435973bd Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <[EMAIL REDACTED]>
Date: Wed, 13 May 2026 14:51:47 +0300
Subject: [PATCH] IMG_xcf.c (read_string): add back the positive string size
 check

(cherry picked from commit cdbe3bf771606a3502c1c5994812bfc48d4814a0)
---
 src/IMG_xcf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/IMG_xcf.c b/src/IMG_xcf.c
index b51344852..4e2e635dc 100644
--- a/src/IMG_xcf.c
+++ b/src/IMG_xcf.c
@@ -241,7 +241,7 @@ static char * read_string (SDL_RWops * src) {
     return data;
   }
 
-  if ((Sint32)tmp <= remaining) {
+  if ((Sint32)tmp > 0 && (Sint32)tmp <= remaining) {
     data = (char *) SDL_malloc (sizeof (char) * tmp);
     if (data) {
       SDL_RWread(src, data, tmp, 1);