Commit bf076c22adc9b6f9b4dd82e0e51d70779b7ccd4e

Sam Lantinga 2016-10-07T17:30:21

Fixed bug 2957 - De-reference rz_src without NULL check in SDLgfx_rotateSurface function Nitz In function SDLgfx_rotateSurface: rz_dst = SDL_CreateRGBSurface(SDL_SWSURFACE, dstwidth, dstheight + GUARD_ROWS, rz_src->format->Rmask, rz_src->format->Gmask, rz_src->format->Bmask, rz_src->format->Amask); Here rz_src get De-referenced without NULL check, which is risky.

diff --git a/src/render/software/SDL_rotate.c b/src/render/software/SDL_rotate.c
index 5418c9e..356f6c1 100644
--- a/src/render/software/SDL_rotate.c
+++ b/src/render/software/SDL_rotate.c
@@ -378,10 +378,12 @@ SDLgfx_rotateSurface(SDL_Surface * src, double angle, int centerx, int centery, 
 #endif
         );
         rz_src = SDL_ConvertSurfaceFormat(src, format, src->flags);
+        if (rz_src == NULL) {
+            return NULL;
+        }
         is32bit = 1;
     }
 
-
     /* Determine target size */
     /* _rotozoomSurfaceSizeTrig(rz_src->w, rz_src->h, angle, &dstwidth, &dstheight, &cangle, &sangle); */
 
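Review bot: Once the new `rz_src == NULL` check passes, the surface returned by `SDL_ConvertSurfaceFormat` is a temporary copy owned by this function, and nothing in the hunk shows it being released on the later failure paths. SDLgfx_rotateSurface starts and ends outside the hunk, so this needs confirming there: if the `rz_dst` allocation further down fails and the function returns NULL, the converted copy would leak on every failed call. Assuming the non-converting branch leaves `rz_src` equal to `src`, a guard such as `if (rz_dst == NULL) { if (rz_src != src) SDL_FreeSurface(rz_src); return NULL; }` would cover it. The added early return itself would read better with a short comment, for example `/* conversion failed; the error is already set by SDL_ConvertSurfaceFormat() */`.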
@@ -394,7 +396,6 @@ SDLgfx_rotateSurface(SDL_Surface * src, double angle, int centerx, int centery, 
     /*
     * Alloc space to completely contain the rotated surface
     */
-    rz_dst = NULL;
     if (is32bit) {
         /*
         * Target surface is 32bit with source RGBA/ABGR ordering