pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/graphics/SDL_image



Module Name:    pkgsrc
Committed By:   nia
Date:           Thu May 14 16:08:07 UTC 2020

Modified Files:
        pkgsrc/graphics/SDL_image: Makefile distinfo
Added Files:
        pkgsrc/graphics/SDL_image/patches: patch-IMG__bmp.c patch-IMG__lbm.c
            patch-IMG__pcx.c patch-IMG__xpm.c

Log Message:
SDL_image: Best effort attempt at grabbing fixes from upstream hg

Bump PKGREVISION


To generate a diff of this commit:
cvs rdiff -u -r1.52 -r1.53 pkgsrc/graphics/SDL_image/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/graphics/SDL_image/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/SDL_image/patches/patch-IMG__bmp.c \
    pkgsrc/graphics/SDL_image/patches/patch-IMG__lbm.c \
    pkgsrc/graphics/SDL_image/patches/patch-IMG__pcx.c \
    pkgsrc/graphics/SDL_image/patches/patch-IMG__xpm.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/SDL_image/Makefile
diff -u pkgsrc/graphics/SDL_image/Makefile:1.52 pkgsrc/graphics/SDL_image/Makefile:1.53
--- pkgsrc/graphics/SDL_image/Makefile:1.52     Sun Jan 26 17:31:19 2020
+++ pkgsrc/graphics/SDL_image/Makefile  Thu May 14 16:08:06 2020
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2020/01/26 17:31:19 rillig Exp $
+# $NetBSD: Makefile,v 1.53 2020/05/14 16:08:06 nia Exp $
 
 DISTNAME=      SDL_image-1.2.12
-PKGREVISION=   8
+PKGREVISION=   9
 CATEGORIES=    graphics devel
 MASTER_SITES=  http://www.libsdl.org/projects/SDL_image/release/
 

Index: pkgsrc/graphics/SDL_image/distinfo
diff -u pkgsrc/graphics/SDL_image/distinfo:1.17 pkgsrc/graphics/SDL_image/distinfo:1.18
--- pkgsrc/graphics/SDL_image/distinfo:1.17     Tue Nov  3 21:33:52 2015
+++ pkgsrc/graphics/SDL_image/distinfo  Thu May 14 16:08:06 2020
@@ -1,7 +1,11 @@
-$NetBSD: distinfo,v 1.17 2015/11/03 21:33:52 agc Exp $
+$NetBSD: distinfo,v 1.18 2020/05/14 16:08:06 nia Exp $
 
 SHA1 (SDL_image-1.2.12.tar.gz) = 5e3e393d4e366638048bbb10d6a269ea3f4e4cf2
 RMD160 (SDL_image-1.2.12.tar.gz) = 206990959c6b225286c0a19bc05b991c6bc2c3e8
 SHA512 (SDL_image-1.2.12.tar.gz) = 0e71b280abc2a7f15755e4480a3c1b52d41f9f8b0c9216a6f5bd9fc0e939456fb5d6c10419e1d1904785783f9a1891ead278c03e88b0466fecc6871c3ca40136
 Size (SDL_image-1.2.12.tar.gz) = 2231074 bytes
+SHA1 (patch-IMG__bmp.c) = 7c89a5bdcc5d3e5c1c7e2ee635dd063364bb8319
+SHA1 (patch-IMG__lbm.c) = 798ff3bc672894d4676214af97dbf30c3e639ffe
+SHA1 (patch-IMG__pcx.c) = 622c3c369b6830aa6b8093e58427555a16304576
+SHA1 (patch-IMG__xpm.c) = aab5f6949bc56f1087b3ff54eb763dd7a1aa1809
 SHA1 (patch-Makefile.in) = e8ae18e00af376676b292dc8419ed0d50c038db3

Added files:

Index: pkgsrc/graphics/SDL_image/patches/patch-IMG__bmp.c
diff -u /dev/null pkgsrc/graphics/SDL_image/patches/patch-IMG__bmp.c:1.1
--- /dev/null   Thu May 14 16:08:07 2020
+++ pkgsrc/graphics/SDL_image/patches/patch-IMG__bmp.c  Thu May 14 16:08:07 2020
@@ -0,0 +1,92 @@
+$NetBSD: patch-IMG__bmp.c,v 1.1 2020/05/14 16:08:07 nia Exp $
+
+Various sanity fixes from upstream preventing potential
+security problems.
+
+--- IMG_bmp.c.orig     2012-01-21 01:51:33.000000000 +0000
++++ IMG_bmp.c
+@@ -272,6 +272,11 @@ static SDL_Surface *LoadBMP_RW (SDL_RWop
+               biClrUsed       = SDL_ReadLE32(src);
+               biClrImportant  = SDL_ReadLE32(src);
+       }
++      if (biWidth <= 0 || biHeight == 0) {
++              IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++              was_error = SDL_TRUE;
++              goto done;
++      }
+       if (biHeight < 0) {
+               topDown = SDL_TRUE;
+               biHeight = -biHeight;
+@@ -292,6 +297,15 @@ static SDL_Surface *LoadBMP_RW (SDL_RWop
+                       ExpandBMP = biBitCount;
+                       biBitCount = 8;
+                       break;
++              case 0:
++              case 2:
++              case 3:
++              case 5:
++              case 6:
++              case 7:
++                      IMG_SetError("%d-bpp BMP images are not supported", biBitCount);
++                      was_error = SDL_TRUE;
++                      goto done;
+               default:
+                       ExpandBMP = 0;
+                       break;
+@@ -444,7 +458,12 @@ static SDL_Surface *LoadBMP_RW (SDL_RWop
+                                               goto done;
+                                       }
+                               }
+-                              *(bits+i) = (pixel>>shift);
++                              bits[i] = (pixel >> shift);
++                              if (bits[i] >= biClrUsed) {
++                                      IMG_SetError("A BMP image contains a pixel with a color out of the palette");
++                                      was_error = SDL_TRUE;
++                                      goto done;
++                              }
+                               pixel <<= ExpandBMP;
+                       } }
+                       break;
+@@ -456,6 +475,15 @@ static SDL_Surface *LoadBMP_RW (SDL_RWop
+                               was_error = SDL_TRUE;
+                               goto done;
+                       }
++                      if (biBitCount == 8 && palette && biClrUsed < (1 << biBitCount)) {
++                              for (i = 0; i < surface->w; ++i) {
++                                      if (bits[i] >= biClrUsed) {
++                                              IMG_SetError("A BMP image contains a pixel with a color out of the palette");
++                                              was_error = SDL_TRUE;
++                                              goto done;
++                                      }
++                              }
++                      }
+ #if SDL_BYTEORDER == SDL_BIG_ENDIAN
+                       /* Byte-swap the pixels if needed. Note that the 24bpp
+                          case has already been taken care of above. */
+@@ -662,6 +690,14 @@ LoadICOCUR_RW(SDL_RWops * src, int type,
+         goto done;
+     }
+ 
++    /* sanity check image size, so we don't overflow integers, etc. */
++    if ((biWidth < 0) || (biWidth > 0xFFFFFF) ||
++        (biHeight < 0) || (biHeight > 0xFFFFFF)) {
++        IMG_SetError("Unsupported or invalid ICO dimensions");
++        was_error = SDL_TRUE;
++        goto done;
++    }
++
+     /* Create a RGBA surface */
+     biHeight = biHeight >> 1;
+     //printf("%d x %d\n", biWidth, biHeight);
+@@ -679,6 +715,11 @@ LoadICOCUR_RW(SDL_RWops * src, int type,
+         if (biClrUsed == 0) {
+             biClrUsed = 1 << biBitCount;
+         }
++        if (biClrUsed > (sizeof(palette)/sizeof(palette[0]))) {
++            IMG_SetError("Unsupported or incorrect biClrUsed field");
++            was_error = SDL_TRUE;
++            goto done;
++        }
+         for (i = 0; i < (int) biClrUsed; ++i) {
+             SDL_RWread(src, &palette[i], 4, 1);
+         }
Index: pkgsrc/graphics/SDL_image/patches/patch-IMG__lbm.c
diff -u /dev/null pkgsrc/graphics/SDL_image/patches/patch-IMG__lbm.c:1.1
--- /dev/null   Thu May 14 16:08:07 2020
+++ pkgsrc/graphics/SDL_image/patches/patch-IMG__lbm.c  Thu May 14 16:08:07 2020
@@ -0,0 +1,97 @@
+$NetBSD: patch-IMG__lbm.c,v 1.1 2020/05/14 16:08:07 nia Exp $
+
+Various sanity fixes from upstream preventing potential
+security problems.
+
+--- IMG_lbm.c.orig     2012-01-21 01:51:33.000000000 +0000
++++ IMG_lbm.c
+@@ -187,7 +187,12 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+ 
+               if ( !memcmp( id, "CMAP", 4 ) ) /* palette ( Color Map ) */
+               {
+-                      if ( !SDL_RWread( src, &colormap, size, 1 ) )
++                      if (size > sizeof (colormap)) {
++                              error="colormap size is too large";
++                              goto done;
++                      }
++
++                      if ( !SDL_RWread( src, colormap, size, 1 ) )
+                       {
+                               error="error reading CMAP chunk";
+                               goto done;
+@@ -242,14 +247,14 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+       /* Allocate memory for a temporary buffer ( used for
+            decompression/deinterleaving ) */
+ 
+-      MiniBuf = (void *)malloc( bytesperline * (nbplanes + stencil) );
++      MiniBuf = (Uint8 *)malloc( bytesperline * (nbplanes + stencil) );
+       if ( MiniBuf == NULL )
+       {
+-              error="no enough memory for temporary buffer";
++              error="not enough memory for temporary buffer";
+               goto done;
+       }
+ 
+-      if ( ( Image = SDL_CreateRGBSurface( SDL_SWSURFACE, width, bmhd.h, (bmhd.planes==24 || flagHAM==1)?24:8, 0, 0, 0, 0 ) ) == NULL )
++      if ( ( Image = SDL_CreateRGBSurface( SDL_SWSURFACE, width, bmhd.h, (nbplanes==24 || flagHAM==1)?24:8, 0, 0, 0, 0 ) ) == NULL )
+          goto done;
+ 
+       if ( bmhd.mask & 2 )               /* There is a transparent color */
+@@ -276,7 +281,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+               /* The 32 last colors are the same but divided by 2 */
+               /* Some Amiga pictures save 64 colors with 32 last wrong colors, */
+               /* they shouldn't !, and here we overwrite these 32 bad colors. */
+-              if ( (nbcolors==32 || flagEHB ) && (1<<bmhd.planes)==64 )
++              if ( (nbcolors==32 || flagEHB ) && (1<<nbplanes)==64 )
+               {
+                       nbcolors = 64;
+                       ptr = &colormap[0];
+@@ -290,8 +295,8 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+ 
+               /* If nbcolors < 2^nbplanes, repeat the colormap */
+               /* This happens when pictures have a stencil mask */
+-              if ( nbrcolorsfinal > (1<<bmhd.planes) ) {
+-                      nbrcolorsfinal = (1<<bmhd.planes);
++              if ( nbrcolorsfinal > (1<<nbplanes) ) {
++                      nbrcolorsfinal = (1<<nbplanes);
+               }
+               for ( i=nbcolors; i < (Uint32)nbrcolorsfinal; i++ )
+               {
+@@ -365,7 +370,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+ 
+               /* One line has been read, store it ! */
+ 
+-              ptr = Image->pixels;
++              ptr = (Uint8 *)Image->pixels;
+               if ( nbplanes==24 || flagHAM==1 )
+                       ptr += h * width * 3;
+               else
+@@ -449,19 +454,15 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+                                               {
+                                                       finalcolor = pixelcolor;
+                                               }
+-                                              if ( SDL_BYTEORDER == SDL_LIL_ENDIAN )
+-                                              {
+-                                                      *ptr++ = (Uint8)(finalcolor>>16);
+-                                                      *ptr++ = (Uint8)(finalcolor>>8);
+-                                                      *ptr++ = (Uint8)(finalcolor);
+-                                              }
+-                                              else
+-                                              {
+-                                                      *ptr++ = (Uint8)(finalcolor);
+-                                                      *ptr++ = (Uint8)(finalcolor>>8);
+-                                                      *ptr++ = (Uint8)(finalcolor>>16);
+-                                              }
+-
++#if SDL_BYTEORDER == SDL_LIL_ENDIAN
++                                              *ptr++ = (Uint8)(finalcolor>>16);
++                                              *ptr++ = (Uint8)(finalcolor>>8);
++                                              *ptr++ = (Uint8)(finalcolor);
++#else
++                                              *ptr++ = (Uint8)(finalcolor);
++                                              *ptr++ = (Uint8)(finalcolor>>8);
++                                              *ptr++ = (Uint8)(finalcolor>>16);
++#endif
+                                               maskBit = maskBit>>1;
+                                       }
+                               }
Index: pkgsrc/graphics/SDL_image/patches/patch-IMG__pcx.c
diff -u /dev/null pkgsrc/graphics/SDL_image/patches/patch-IMG__pcx.c:1.1
--- /dev/null   Thu May 14 16:08:07 2020
+++ pkgsrc/graphics/SDL_image/patches/patch-IMG__pcx.c  Thu May 14 16:08:07 2020
@@ -0,0 +1,154 @@
+$NetBSD: patch-IMG__pcx.c,v 1.1 2020/05/14 16:08:07 nia Exp $
+
+Various sanity fixes from upstream preventing potential
+security problems.
+
+--- IMG_pcx.c.orig     2012-01-21 01:51:33.000000000 +0000
++++ IMG_pcx.c
+@@ -100,6 +100,8 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *s
+       Uint8 *row, *buf = NULL;
+       char *error = NULL;
+       int bits, src_bits;
++      int count = 0;
++      Uint8 ch;
+ 
+       if ( !src ) {
+               /* The error message has been set in SDL_RWFromFile */
+@@ -127,37 +129,37 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *s
+               bits = 8;
+       } else if(pcxh.BitsPerPixel == 8 && pcxh.NPlanes == 3) {
+               bits = 24;
+-              if ( SDL_BYTEORDER == SDL_LIL_ENDIAN ) {
+-                      Rmask = 0x000000FF;
+-                      Gmask = 0x0000FF00;
+-                      Bmask = 0x00FF0000;
+-              } else {
+-                      Rmask = 0xFF0000;
+-                      Gmask = 0x00FF00;
+-                      Bmask = 0x0000FF;
+-              }
++#if SDL_BYTEORDER == SDL_LIL_ENDIAN
++              Rmask = 0x000000FF;
++              Gmask = 0x0000FF00;
++              Bmask = 0x00FF0000;
++#else
++              Rmask = 0xFF0000;
++              Gmask = 0x00FF00;
++              Bmask = 0x0000FF;
++#endif
+       } else {
+               error = "unsupported PCX format";
+               goto done;
+       }
+       surface = SDL_AllocSurface(SDL_SWSURFACE, width, height,
+                                  bits, Rmask, Gmask, Bmask, Amask);
+-      if ( surface == NULL )
++      if ( surface == NULL ) {
+               goto done;
++      }
+ 
+       bpl = pcxh.NPlanes * pcxh.BytesPerLine;
+-      if (bpl > surface->pitch) {
+-              error = "bytes per line is too large (corrupt?)";
++      buf = (Uint8 *)calloc(bpl, 1);
++      if (!buf) {
++              error = "Out of memory";
++              goto done;
+       }
+-      buf = malloc(bpl);
+-      row = surface->pixels;
++      row = (Uint8 *)surface->pixels;
+       for ( y=0; y<surface->h; ++y ) {
+               /* decode a scan line to a temporary buffer first */
+-              int i, count = 0;
+-              Uint8 ch;
+-              Uint8 *dst = (src_bits == 8) ? row : buf;
++              int i;
+               if ( pcxh.Encoding == 0 ) {
+-                      if(!SDL_RWread(src, dst, bpl, 1)) {
++                      if(!SDL_RWread(src, buf, bpl, 1)) {
+                               error = "file truncated";
+                               goto done;
+                       }
+@@ -168,46 +170,54 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *s
+                                               error = "file truncated";
+                                               goto done;
+                                       }
+-                                      if( (ch & 0xc0) == 0xc0) {
+-                                              count = ch & 0x3f;
++                                      if (ch < 0xc0) {
++                                              count = 1;
++                                      } else {
++                                              count = ch - 0xc0;
+                                               if(!SDL_RWread(src, &ch, 1, 1)) {
+                                                       error = "file truncated";
+                                                       goto done;
+                                               }
+-                                      } else
+-                                              count = 1;
++                                      }
+                               }
+-                              dst[i] = ch;
++                              buf[i] = ch;
+                               count--;
+                       }
+               }
+ 
+               if(src_bits <= 4) {
+                       /* expand planes to 1 byte/pixel */
+-                      Uint8 *src = buf;
++                      Uint8 *innerSrc = buf;
+                       int plane;
+                       for(plane = 0; plane < pcxh.NPlanes; plane++) {
+-                              int i, j, x = 0;
+-                              for(i = 0; i < pcxh.BytesPerLine; i++) {
+-                                      Uint8 byte = *src++;
+-                                      for(j = 7; j >= 0; j--) {
+-                                              unsigned bit = (byte >> j) & 1;
++                              int j, k, x = 0;
++                              for(j = 0; j < pcxh.BytesPerLine; j++) {
++                                      Uint8 byte = *innerSrc++;
++                                      for(k = 7; k >= 0; k--) {
++                                              unsigned bit = (byte >> k) & 1;
+                                               /* skip padding bits */
+-                                              if (i * 8 + j >= width)
++                                              if (j * 8 + k >= width)
+                                                       continue;
+                                               row[x++] |= bit << plane;
+                                       }
+                               }
+                       }
++              } else if(src_bits == 8) {
++                      /* Copy the row directly */
++                      memcpy(row, buf, SDL_min(width, bpl));
+               } else if(src_bits == 24) {
+                       /* de-interlace planes */
+-                      Uint8 *src = buf;
++                      Uint8 *innerSrc = buf;
+                       int plane;
+                       for(plane = 0; plane < pcxh.NPlanes; plane++) {
+                               int x;
+-                              dst = row + plane;
++                              Uint8 *dst = row + plane;
+                               for(x = 0; x < width; x++) {
+-                                      *dst = *src++;
++                                      if (dst >= row+surface->pitch) {
++                                              error = "decoding out of bounds (corrupt?)";
++                                              goto done;
++                                      }
++                                      *dst = *innerSrc++;
+                                       dst += pcxh.NPlanes;
+                               }
+                       }
+@@ -227,8 +237,9 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *s
+                       /* look for a 256-colour palette */
+                       do {
+                               if ( !SDL_RWread(src, &ch, 1, 1)) {
+-                                      error = "file truncated";
+-                                      goto done;
++                                      /* Couldn't find the palette, try the end of the file */
++                                      SDL_RWseek(src, -768, RW_SEEK_END);
++                                      break;
+                               }
+                       } while ( ch != 12 );
+ 
Index: pkgsrc/graphics/SDL_image/patches/patch-IMG__xpm.c
diff -u /dev/null pkgsrc/graphics/SDL_image/patches/patch-IMG__xpm.c:1.1
--- /dev/null   Thu May 14 16:08:07 2020
+++ pkgsrc/graphics/SDL_image/patches/patch-IMG__xpm.c  Thu May 14 16:08:07 2020
@@ -0,0 +1,130 @@
+$NetBSD: patch-IMG__xpm.c,v 1.1 2020/05/14 16:08:07 nia Exp $
+
+Various sanity fixes from upstream preventing potential
+security problems.
+
+--- IMG_xpm.c.orig     2012-01-21 01:51:33.000000000 +0000
++++ IMG_xpm.c
+@@ -106,7 +106,7 @@ static struct color_hash *create_colorha
+ 
+       /* we know how many entries we need, so we can allocate
+          everything here */
+-      hash = malloc(sizeof *hash);
++      hash = (struct color_hash *)calloc(1, sizeof(*hash));
+       if(!hash)
+               return NULL;
+ 
+@@ -115,15 +115,32 @@ static struct color_hash *create_colorha
+               ;
+       hash->size = s;
+       hash->maxnum = maxnum;
++
+       bytes = hash->size * sizeof(struct hash_entry **);
+-      hash->entries = NULL;   /* in case malloc fails */
+-      hash->table = malloc(bytes);
+-      if(!hash->table)
++      /* Check for overflow */
++      if ((bytes / sizeof(struct hash_entry **)) != hash->size) {
++              IMG_SetError("memory allocation overflow");
++              free(hash);
++              return NULL;
++      }
++      hash->table = (struct hash_entry **)calloc(1, bytes);
++      if(!hash->table) {
++              free(hash);
++              return NULL;
++      }
++
++      bytes = maxnum * sizeof(struct hash_entry);
++      /* Check for overflow */
++      if ((bytes / sizeof(struct hash_entry)) != maxnum) {
++              IMG_SetError("memory allocation overflow");
++              free(hash->table);
++              free(hash);
+               return NULL;
+-      memset(hash->table, 0, bytes);
+-      hash->entries = malloc(maxnum * sizeof(struct hash_entry));
++      }
++      hash->entries = (struct hash_entry *)calloc(1, bytes);
+       if(!hash->entries) {
+               free(hash->table);
++              free(hash);
+               return NULL;
+       }
+       hash->next_free = hash->entries;
+@@ -158,7 +175,7 @@ static Uint32 get_colorhash(struct color
+ 
+ static void free_colorhash(struct color_hash *hash)
+ {
+-      if(hash && hash->table) {
++      if(hash) {
+               free(hash->table);
+               free(hash->entries);
+               free(hash);
+@@ -262,7 +279,7 @@ static char *get_next_line(char ***lines
+                       len += 4;       /* "\",\n\0" */
+                       if(len > buflen){
+                               buflen = len;
+-                              linebufnew = realloc(linebuf, buflen);
++                              linebufnew = (char *)realloc(linebuf, buflen);
+                               if(!linebufnew) {
+                                       free(linebuf);
+                                       error = "Out of memory";
+@@ -282,7 +299,7 @@ static char *get_next_line(char ***lines
+                                       if(buflen == 0)
+                                               buflen = 16;
+                                       buflen *= 2;
+-                                      linebufnew = realloc(linebuf, buflen);
++                                      linebufnew = (char *)realloc(linebuf, buflen);
+                                       if(!linebufnew) {
+                                               free(linebuf);
+                                               error = "Out of memory";
+@@ -359,7 +376,12 @@ static SDL_Surface *load_xpm(char **xpm,
+               goto done;
+       }
+ 
+-      keystrings = malloc(ncolors * cpp);
++      /* Check for allocation overflow */
++      if ((size_t)(ncolors * cpp)/cpp != ncolors) {
++              error = "Invalid color specification";
++              goto done;
++      }
++      keystrings = (char *)malloc(ncolors * cpp);
+       if(!keystrings) {
+               error = "Out of memory";
+               goto done;
+@@ -426,8 +448,9 @@ static SDL_Surface *load_xpm(char **xpm,
+                               c->g = (Uint8)(rgb >> 8);
+                               c->b = (Uint8)(rgb);
+                               pixel = index;
+-                      } else
++                      } else {
+                               pixel = rgb;
++                      }
+                       add_colorhash(colors, nextkey, cpp, pixel);
+                       nextkey += cpp;
+                       if(rgb == 0xffffffff)
+@@ -438,9 +461,11 @@ static SDL_Surface *load_xpm(char **xpm,
+ 
+       /* Read the pixels */
+       pixels_len = w * cpp;
+-      dst = image->pixels;
++      dst = (Uint8 *)image->pixels;
+       for(y = 0; y < h; y++) {
+               line = get_next_line(xpmlines, src, pixels_len);
++              if (!line)
++                      goto done;
+               if(indexed) {
+                       /* optimization for some common cases */
+                       if(cpp == 1)
+@@ -489,6 +514,10 @@ SDL_Surface *IMG_LoadXPM_RW(SDL_RWops *s
+ 
+ SDL_Surface *IMG_ReadXPMFromArray(char **xpm)
+ {
++      if ( !xpm ) {
++              IMG_SetError("array is NULL");
++              return NULL;
++      }
+       return load_xpm(xpm, NULL);
+ }
+ 



Home | Main Index | Thread Index | Old Index