From 360e1e97c9c5452431170d2724b3840b817aa5f8 Mon Sep 17 00:00:00 2001
From: Bastien Bouclet
Date: Thu, 13 Sep 2018 22:53:37 +0200
Subject: IMAGE: Check the output surface bounds when writing QT encoded PICT
 images

---
 image/pict.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'image')

diff --git a/image/pict.cpp b/image/pict.cpp
index 4f4f0396bf..1a1d03d7de 100644
--- a/image/pict.cpp
+++ b/image/pict.cpp
@@ -577,9 +577,14 @@ void PICTDecoder::decodeCompressedQuickTime(Common::SeekableReadStream &stream)
 		_outputSurface = new Graphics::Surface();
 		_outputSurface->create(_imageRect.width(), _imageRect.height(), surface->format);
 	}
+	assert(_outputSurface->format == surface->format);
 
-	for (uint16 y = 0; y < surface->h; y++)
-		memcpy(_outputSurface->getBasePtr(0 + xOffset, y + yOffset), surface->getBasePtr(0, y), surface->w * surface->format.bytesPerPixel);
+	Common::Rect outputRect(surface->w, surface->h);
+	outputRect.translate(xOffset, yOffset);
+	outputRect.clip(_imageRect);
+
+	for (uint16 y = 0; y < outputRect.height(); y++)
+		memcpy(_outputSurface->getBasePtr(outputRect.left, y + outputRect.top), surface->getBasePtr(0, y), outputRect.width() * surface->format.bytesPerPixel);
 
 	stream.seek(startPos + dataSize);
 	delete codec;
-- 
cgit v1.2.3