From ebb814310acff35ce40b405c4ef4fa8dbdd49a42 Mon Sep 17 00:00:00 2001
From: Sylvain Becker
Date: Fri, 29 Jan 2021 12:04:48 +0100
Subject: [PATCH] Add checks for maximun scaling size (see bug #5510)
---
 src/video/SDL_stretch.c | 5 +++++
 src/video/SDL_surface.c | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/src/video/SDL_stretch.c b/src/video/SDL_stretch.c
index eec1cc62d..8b5512fe2 100644
--- a/src/video/SDL_stretch.c
+++ b/src/video/SDL_stretch.c
@@ -94,6 +94,11 @@ SDL_UpperSoftStretch(SDL_Surface * src, const SDL_Rect * srcrect,
 return 0;
 }
 
+ if (srcrect->w > SDL_MAX_UINT16 || srcrect->h > SDL_MAX_UINT16 ||
+ dstrect->w > SDL_MAX_UINT16 || dstrect->h > SDL_MAX_UINT16) {
+ return SDL_SetError("Too large size for scaling");
+ }
+
 /* Lock the destination if it's in hardware */
 dst_locked = 0;
 if (SDL_MUSTLOCK(dst)) {
diff --git a/src/video/SDL_surface.c b/src/video/SDL_surface.c
index 2550f92e1..0ff6f2a1f 100644
--- a/src/video/SDL_surface.c
+++ b/src/video/SDL_surface.c
@@ -931,6 +931,11 @@ SDL_PrivateLowerBlitScaled(SDL_Surface * src, SDL_Rect * srcrect,
 SDL_COPY_COLORKEY
 );
 
+ if (srcrect->w > SDL_MAX_UINT16 || srcrect->h > SDL_MAX_UINT16 ||
+ dstrect->w > SDL_MAX_UINT16 || dstrect->h > SDL_MAX_UINT16) {
+ return SDL_SetError("Too large size for scaling");
+ }
+
 if (!(src->map->info.flags & SDL_COPY_NEAREST)) {
 src->map->info.flags |= SDL_COPY_NEAREST;
 SDL_InvalidateMap(src->map);
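Review bot: The new size guard in SDL_UpperSoftStretch (src/video/SDL_stretch.c) does not record why SDL_MAX_UINT16 is the limit, and the same four-way condition and message are repeated verbatim in SDL_PrivateLowerBlitScaled (src/video/SDL_surface.c). A comment above each check, such as `/* The scalers cannot handle a width or height that does not fit in 16 bits (see bug #5510). */`, would state the invariant being protected; the underlying cause is presumably fixed-point arithmetic in the scaling loops, which should be confirmed before it is written down. Moving the condition into one shared helper or macro would keep the two copies from drifting apart if the limit ever changes. The message would also read better as `"Size too large for scaling"`. Both function bodies continue outside their hunks.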
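Review bot: The guard added to SDL_PrivateLowerBlitScaled in src/video/SDL_surface.c bounds the rectangle sizes only from above, so a zero or negative `w`/`h` still passes it, because SDL_Rect's fields are signed ints compared against SDL_MAX_UINT16. The SDL_stretch.c hunk shows an early `return 0;` immediately before its copy of the check, but nothing equivalent is visible above this one. If the callers do not already reject non-positive sizes, the condition should also cover them, e.g. `if (srcrect->w <= 0 || srcrect->h <= 0 || dstrect->w <= 0 || dstrect->h <= 0) return 0;` placed before the upper-bound test. The function starts and ends outside the hunk, so such a check may already exist earlier in the body.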