From 9813b460e13b13a2e3271c730f55874133ec11f0 Mon Sep 17 00:00:00 2001
From: cutealien
Date: Sat, 23 Sep 2023 19:01:01 +0000
Subject: [PATCH] Fix number overflows in TGA loader causing crashes Image size calculation could overflow s32 in one place (but not others where it was done correct), which first lead to wrong amount of memory getting allocated for image data and later crash in the CColorConverter. Thanks @sfan5 for his fuzzing tests @https://github.com/minetest/irrlicht/issues/236 and @erlehmann for passing them on: https://irrlicht.sourceforge.io/forum/viewtopic.php?t=52925 Also updating changes.txt with TGA loader changes from this and previous commits. git-svn-id: svn://svn.code.sf.net/p/irrlicht/code/trunk@6535 dfc29bdd-3216-0410-991c-e03cc46cb475
---
 source/Irrlicht/CImageLoaderTGA.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/Irrlicht/CImageLoaderTGA.cpp b/source/Irrlicht/CImageLoaderTGA.cpp
index 2410ca13..46225929 100644
--- a/source/Irrlicht/CImageLoaderTGA.cpp
+++ b/source/Irrlicht/CImageLoaderTGA.cpp
@@ -162,7 +162,7 @@ IImage* CImageLoaderTGA::loadImage(io::IReadFile* file) const
 header.ImageType == 3 // Uncompressed, black and white images
 )
 {
- const s32 imageSize = header.ImageHeight * header.ImageWidth * header.PixelDepth/8;
+ const s32 imageSize = header.ImageHeight * header.ImageWidth * (header.PixelDepth/8);
 data = new u8[imageSize];
 file->read(data, imageSize);
 }
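Review bot: The parenthesised product on the new `imageSize` line is still stored in `s32`, so the change only raises the overflow threshold by a factor of eight. With 16-bit width and height fields (as the TGA format defines them; the header struct is outside this hunk), a large enough image still wraps unless the dimensions are bounded earlier in `loadImage`, which is not visible here. I would compute the size in a wider type and validate it before `new u8[...]`, e.g. `const u64 bytes = (u64)header.ImageHeight * header.ImageWidth * (header.PixelDepth/8);`, rejecting the file when `bytes` is zero or above the loader's size limit. The return value of `file->read(data, imageSize)` is also ignored, so a truncated file leaves the tail of `data` uninitialised for whatever consumes it afterwards (the commit message names CColorConverter); comparing it against `imageSize` and failing the load would close that. The body of `loadImage` starts and ends outside the hunk, so any cleanup on the error path has to match what the rest of the function allocates.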