From 043f8275b82747fef69f03af48415c0fd44cbde2 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann
Date: Mon, 25 Jun 2018 09:02:24 +0200
Subject: [PATCH] Fix null pointer dereference on very large images.

If xcursorgen encounters a PNG file which is larger than 32767 pixels in width or height, a null pointer dereference occurs because the return value of XcursorImageCreate is not checked. The largest possible value is 32767 for libXcursor, which is a hard coded limit due to a 16 bit integer used (0x7FFF).

Signed-off-by: Tobias Stoeckmann
---
 xcursorgen.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/xcursorgen.c b/xcursorgen.c
index f292f19..d664799 100644
--- a/xcursorgen.c
+++ b/xcursorgen.c
@@ -262,6 +262,12 @@ load_image (struct flist *list, const char *prefix)
 png_read_update_info (png, info);
 image = XcursorImageCreate (width, height);
+ if (image == NULL)
+ {
+ fclose (fp);
+ png_destroy_read_struct (&png, &info, NULL);
+ return NULL;
+ }
 image->size = list->size;
 image->xhot = list->xhot;
-- 
2.18.0
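Review bot: The new early return after `XcursorImageCreate` is silent and uncommented, so neither a reader of the code nor (possibly) the user can tell that NULL here means the PNG's width or height exceeded libXcursor's 0x7FFF limit or that allocation failed. I would put `/* NULL: width/height above libXcursor's 0x7FFF limit, or out of memory */` above the `if`, and, if load_image's caller does not already report a failed load, add `fprintf (stderr, "image exceeds Xcursor size limit or allocation failed\n");` before the cleanup. The cleanup itself (closing `fp`, then destroying the read struct) looks right for the resources visible here; load_image starts and ends outside the hunk, so whether anything else acquired earlier needs releasing on this path cannot be confirmed from these lines.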