From 8368ea92c8bb86d65dd28ba10eeeeecefbd7d214 Mon Sep 17 00:00:00 2001
From: Manuel Fischer <[EMAIL REDACTED]>
Date: Mon, 21 Feb 2022 08:46:26 +0100
Subject: [PATCH] Small Bugfix: Possible Buffer Overflow (#180)
- If the allocation fails, the next time the function is called with the same string, it seems that the buffer size is enough. A buffer overflow occurs.
---
SDL_ttf.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/SDL_ttf.c b/SDL_ttf.c
index 8a9d1b0..053f42b 100644
--- a/SDL_ttf.c
+++ b/SDL_ttf.c
@@ -3007,6 +3007,7 @@ static int TTF_Size_Internal(TTF_Font *font,
font->pos_max *= 2;
font->pos_buf = (PosBuf_t *)SDL_realloc(font->pos_buf, font->pos_max * sizeof (font->pos_buf[0]));
if (font->pos_buf == NULL) {
+ font->pos_max /= 2;
font->pos_buf = saved;
TTF_SetError("Out of memory");
goto failure;