# HG changeset patch
# User Sam Lantinga <slouken@libsdl.org>
# Date 1507331870 25200
#      Fri Oct 06 16:17:50 2017 -0700
# Node ID 7e0f1498ddb549a338a220534875529ef0ba55ce
# Parent  dc7245e3d1f2ae032caa7776940af4aebe6afc05
Fixed potential overflow in surface allocation (thanks Yves!)

diff -r dc7245e3d1f2 -r 7e0f1498ddb5 src/video/SDL_surface.c
--- a/src/video/SDL_surface.c	Thu Oct 05 09:37:28 2017 -0700
+++ b/src/video/SDL_surface.c	Fri Oct 06 16:17:50 2017 -0700
@@ -80,7 +80,15 @@
 
     /* Get the pixels */
     if (surface->w && surface->h) {
-        surface->pixels = SDL_malloc(surface->h * surface->pitch);
+        int size = (surface->h * surface->pitch);
+        if (size < 0 || (size / surface->pitch) != surface->h) {
+            /* Overflow... */
+            SDL_FreeSurface(surface);
+            SDL_OutOfMemory();
+            return NULL;
+        }
+
+        surface->pixels = SDL_malloc(size);
         if (!surface->pixels) {
             SDL_FreeSurface(surface);
             SDL_OutOfMemory();