Loading an image through SDL_image’s showimage can lead to overflow in SDL_UpperBlit

These attachments are available in the static archive:

Reported in version: 2.0.4
Reported for operating system, platform: Linux, x86_64

On 2018-09-29 21:20:53 +0000, janisozaur wrote:

Created attachment 3331
overflow-detect.diff

Trying to load an image with SDL can cause signed integer overflow (aka undefined behaviour) in SDL_UpperBlit

Attached are:

• snippet highlighting the issue
• XCF file that triggers both added checks

On 2018-09-29 21:21:43 +0000, janisozaur wrote:

Created attachment 3332
overflow.xcf

On 2018-09-29 21:24:46 +0000, janisozaur wrote:

It appears some of the affected values are not getting clipped to what’s viewable, but I don’t know the code enough to say what it should do instead of current version.

On 2019-05-18 18:48:54 +0000, Ryan C. Gordon wrote:

Tagging a bunch of bugs with “target-2.0.10” so we have a clear list of things to address before a 2.0.10 release.

Please note that “addressing” one of these bugs might mean deciding to defer on it until after 2.0.10, or resolving it as WONTFIX, etc. This is just here to tell us we should look at it carefully, and soon.

If you have new information or feedback on this issue, this is a good time to add it to the conversation, as we’re likely to be paying attention to this specific report in the next few days/weeks.

Thanks!

–ryan.

On 2019-05-19 18:33:50 +0000, Sam Lantinga wrote:

SDL_image will no longer load this image, due to it being malformed.