From a1f83e332fb38b2787e7dd3d4e9488a7996730d9 Mon Sep 17 00:00:00 2001
From: YamaArashi <shadow962@live.com>
Date: Sun, 11 Sep 2016 10:02:01 -0700
Subject: add error check to RL decompression

---
 tools/gbagfx/rl.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'tools')

diff --git a/tools/gbagfx/rl.c b/tools/gbagfx/rl.c
index e90ad808b..968c9347e 100644
--- a/tools/gbagfx/rl.c
+++ b/tools/gbagfx/rl.c
@@ -33,6 +33,9 @@ unsigned char *RLDecompress(unsigned char *src, int srcSize, int *uncompressedSi
             int length = (flags & 0x7F) + 3;
             unsigned char data = src[srcPos++];
 
+            if (destPos + length > destSize)
+                goto fail;
+
             for (int i = 0; i < length; i++)
                 dest[destPos++] = data;
         }
@@ -40,6 +43,9 @@ unsigned char *RLDecompress(unsigned char *src, int srcSize, int *uncompressedSi
         {
             int length = (flags & 0x7F) + 1;
 
+            if (destPos + length > destSize)
+                goto fail;
+
             for (int i = 0; i < length; i++)
                 dest[destPos++] = src[srcPos++];
         }
-- 
cgit v1.2.3