From 2a83093b36008080654bbaa1fa89d0d37c5d0a3b Mon Sep 17 00:00:00 2001
From: Sam Lantinga <[EMAIL REDACTED]>
Date: Fri, 3 Feb 2023 15:45:43 -0800
Subject: [PATCH] Use a reasonable upper bound on the number of pixels we'll
try to draw when traversing a line
Fixes https://github.com/libsdl-org/SDL/issues/6116
---
src/render/SDL_render.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/render/SDL_render.c b/src/render/SDL_render.c
index 65680abce399..9c2314da5ec9 100644
--- a/src/render/SDL_render.c
+++ b/src/render/SDL_render.c
@@ -2718,6 +2718,7 @@ int SDL_RenderLine(SDL_Renderer *renderer, float x1, float y1, float x2, float y
static int RenderLineBresenham(SDL_Renderer *renderer, int x1, int y1, int x2, int y2, SDL_bool draw_last)
{
+ const int MAX_PIXELS = SDL_max(renderer->view->pixel_w, renderer->view->pixel_h) * 4;
int i, deltax, deltay, numpixels;
int d, dinc1, dinc2;
int x, xinc1, xinc2;
@@ -2765,6 +2766,10 @@ static int RenderLineBresenham(SDL_Renderer *renderer, int x1, int y1, int x2, i
--numpixels;
}
+ if (numpixels > MAX_PIXELS) {
+ return SDL_SetError("Line too long (tried to draw %d pixels, max %d)", numpixels, MAX_PIXELS);
+ }
+
points = SDL_small_alloc(SDL_FPoint, numpixels, &isstack);
if (points == NULL) {
return SDL_OutOfMemory();