# HG changeset patch
# User Matti Hamalainen
# Date 1509917273 -7200
# Node ID 56f643d647b772c14317f3ab236ee40ea0d54f40
# Parent d8a509d72449b5a89485cf0494bb6e130a504c48
Better fix for the RLE decoding bounds issue, not changing dmDecodeGenericRLE() API.
diff -r d8a509d72449 -r 56f643d647b7 tools/lib64gfx.c
--- a/tools/lib64gfx.c Sun Nov 05 23:27:05 2017 +0200
+++ b/tools/lib64gfx.c Sun Nov 05 23:27:53 2017 +0200
@@ -306,7 +306,7 @@
 int res;
 Uint8 *mem = NULL, *end;
- if ((res = dmDecodeGenericRLE(&mem, &end, buf + 0x0e, buf + len, *(buf + 0x0d))) != DMERR_OK)
+ if ((res = dmDecodeGenericRLE(&mem, &end, buf + 0x0e, buf + len - 1, *(buf + 0x0d))) != DMERR_OK)
 goto out;
 res = dmC64DecodeGenericBMP(img, mem, end - mem + 1, fmt);
@@ -377,7 +377,7 @@
 int res;
 Uint8 *mem = NULL, *end;
- if ((res = dmDecodeGenericRLE(&mem, &end, buf, buf + len, 0xC2)) != DMERR_OK)
+ if ((res = dmDecodeGenericRLE(&mem, &end, buf, buf + len - 1, 0xC2)) != DMERR_OK)
 goto out;
 res = dmC64DecodeGenericBMP(img, mem, end - mem + 1, fmt);
@@ -491,7 +491,7 @@
 int res;
 Uint8 *mem = NULL, *end;
- if ((res = dmDecodeGenericRLE(&mem, &end, buf + FUNPAINT2_HEADER_SIZE, buf + len, *(buf + 15))) != DMERR_OK)
+ if ((res = dmDecodeGenericRLE(&mem, &end, buf + FUNPAINT2_HEADER_SIZE, buf + len - 1, *(buf + 15))) != DMERR_OK)
 goto out;
 res = dmC64DecodeGenericBMP(img, mem, end - mem + 1, fmt);
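Review bot: The new end pointer `buf + len - 1` in the first hunk is only valid when `len` is larger than the 0x0e-byte header, and nothing visible in the hunk establishes that before `*(buf + 0x0d)` is read and the start and end pointers are formed. With a truncated or empty file the end pointer would sit before the start pointer (and before `buf` itself when `len` is 0), which is out-of-bounds pointer arithmetic before the decoder's own checks can run. The function starts outside the hunk, so a length check may already exist earlier; if it does not, a guard such as `if (len <= 0x0e)` that sets `res` to an error code and jumps to `out` belongs ahead of the call. The same applies to the second hunk (needs `len > 0`) and the third (needs `len > FUNPAINT2_HEADER_SIZE` and at least 16 bytes for the `*(buf + 15)` read). Because the end argument now appears to be inclusive, matching the `end - mem + 1` on the output side, a comment at each call such as `/* end argument points at the last valid input byte */` would keep the convention from being silently reverted.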