Description: pcx: don't overflow buffer if bytes-per-line is less than image width. Origin: upstream, https://hg.libsdl.org/SDL_image/rev/2938fc80591a --- a/IMG_pcx.c +++ b/IMG_pcx.c @@ -149,7 +149,7 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *src) if (bpl > surface->pitch) { error = "bytes per line is too large (corrupt?)"; } - buf = malloc(bpl); + buf = calloc(SDL_max(bpl, surface->pitch), 1); row = surface->pixels; for ( y=0; y<surface->h; ++y ) { /* decode a scan line to a temporary buffer first */