File SDL-bnc1062784-check-overflow-xcf-props.patch of Package SDL2.7397

# Based on upstream patch: 81a4950907a01359f2f9390875291eb3951e6c6b

Index: SDL2-2.0.3/include/SDL_stdinc.h
===================================================================
--- SDL2-2.0.3.orig/include/SDL_stdinc.h
+++ SDL2-2.0.3/include/SDL_stdinc.h
@@ -148,6 +148,7 @@ typedef uint16_t Uint16;
 /**
  * \brief A signed 32-bit integer type.
  */
+#define SDL_MAX_SINT32  ((Sint32)0x7FFFFFFF)    /* 2147483647 */
 typedef int32_t Sint32;
 /**
  * \brief An unsigned 32-bit integer type.
Index: SDL2-2.0.3/src/video/SDL_surface.c
===================================================================
--- SDL2-2.0.3.orig/src/video/SDL_surface.c
+++ SDL2-2.0.3/src/video/SDL_surface.c
@@ -26,6 +26,9 @@
 #include "SDL_RLEaccel_c.h"
 #include "SDL_pixels_c.h"
 
+/* Check to make sure we can safely check multiplication of surface w and pitch and it won't overflow size_t */
+SDL_COMPILE_TIME_ASSERT(surface_size_assumptions,
+    sizeof(int) == sizeof(Sint32) && sizeof(size_t) >= sizeof(Sint32));
 
 /* Public routines */
 /*
@@ -88,7 +91,16 @@ SDL_CreateRGBSurface(Uint32 flags,
 
     /* Get the pixels */
     if (surface->w && surface->h) {
-        surface->pixels = SDL_malloc(surface->h * surface->pitch);
+        /* Assumptions checked in surface_size_assumptions assert above */
+        Sint64 size = ((Sint64)surface->h * surface->pitch);
+        if (size < 0 || size > SDL_MAX_SINT32) {
+            /* Overflow... */
+            SDL_FreeSurface(surface);
+            SDL_OutOfMemory();
+            return NULL;
+        }
+
+        surface->pixels = SDL_malloc((size_t)size);
         if (!surface->pixels) {
             SDL_FreeSurface(surface);
             SDL_OutOfMemory();