Description: lbm: Don't overflow static colormap buffer. Origin: upstream, https://hg.libsdl.org/SDL_image/rev/bfa08dc02b3c --- a/IMG_lbm.c +++ b/IMG_lbm.c @@ -187,6 +187,11 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *src ) if ( !memcmp( id, "CMAP", 4 ) ) /* palette ( Color Map ) */ { + if (size > sizeof (colormap)) { + error="colormap size is too large"; + goto done; + } + if ( !SDL_RWread( src, &colormap, size, 1 ) ) { error="error reading CMAP chunk";