Fixed crash in RLE colorkey blitting

Fixes Maelstrom running over sdl2-compat with SDL3
libsdl-org · Oct 9, 2024 · 9023a19 · 9023a19
1 parent f946f87
commit 9023a19
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/src/video/SDL_RLEaccel.c b/src/video/SDL_RLEaccel.c
@@ -1064,7 +1064,7 @@ static bool RLEAlphaSurface(SDL_Surface *surface)
         return false;
     }
     // save the destination format so we can undo the encoding later
-    *(SDL_PixelFormat *)rlebuf = df->format;
+    *(SDL_PixelFormat *)rlebuf = dest->format;
     dst = rlebuf + sizeof(SDL_PixelFormat);
 
     // Do the actual encoding
@@ -1232,6 +1232,7 @@ static const getpix_func getpixes[4] = {
 
 static bool RLEColorkeySurface(SDL_Surface *surface)
 {
+    SDL_Surface *dest;
     Uint8 *rlebuf, *dst;
     int maxn;
     int y;
@@ -1242,6 +1243,11 @@ static bool RLEColorkeySurface(SDL_Surface *surface)
     Uint32 ckey, rgbmask;
     int w, h;
 
+    dest = surface->map.info.dst_surface;
+    if (!dest) {
+        return false;
+    }
+
     // calculate the worst case size for the compressed surface
     switch (bpp) {
     case 1:
@@ -1263,15 +1269,18 @@ static bool RLEColorkeySurface(SDL_Surface *surface)
         return false;
     }
 
+    maxsize += sizeof(SDL_PixelFormat);
     rlebuf = (Uint8 *)SDL_malloc(maxsize);
     if (!rlebuf) {
         return false;
     }
+    // save the destination format so we can undo the encoding later
+    *(SDL_PixelFormat *)rlebuf = dest->format;
 
     // Set up the conversion
     srcbuf = (Uint8 *)surface->pixels;
     maxn = bpp == 4 ? 65535 : 255;
-    dst = rlebuf;
+    dst = rlebuf + sizeof(SDL_PixelFormat);
     rgbmask = ~surface->fmt->Amask;
     ckey = surface->map.info.colorkey & rgbmask;
     lastline = dst;