From d9e1036e0f88601f600c1d1226793dab5c37a8c7 Mon Sep 17 00:00:00 2001
From: Sam Lantinga <slouken@libsdl.org>
Date: Fri, 6 Oct 2017 16:17:50 -0700
Subject: [PATCH] Fixed potential overflow in surface allocation (thanks Yves!)

---
 src/video/SDL_surface.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/video/SDL_surface.c b/src/video/SDL_surface.c
index cabe7e093..721c47740 100644
--- a/src/video/SDL_surface.c
+++ b/src/video/SDL_surface.c
@@ -80,7 +80,15 @@ SDL_CreateRGBSurfaceWithFormat(Uint32 flags, int width, int height, int depth,
 
     /* Get the pixels */
     if (surface->w && surface->h) {
-        surface->pixels = SDL_malloc(surface->h * surface->pitch);
+        int size = (surface->h * surface->pitch);
+        if (size < 0 || (size / surface->pitch) != surface->h) {
+            /* Overflow... */
+            SDL_FreeSurface(surface);
+            SDL_OutOfMemory();
+            return NULL;
+        }
+
+        surface->pixels = SDL_malloc(size);
         if (!surface->pixels) {
             SDL_FreeSurface(surface);
             SDL_OutOfMemory();