From f5783ae1dff9ff922c64cd81d1359d66da3a1365 Mon Sep 17 00:00:00 2001
From: Andrey Akhmichin <sepulkarium45@yahoo.com>
Date: Tue, 11 Feb 2020 15:39:05 +0500
Subject: [PATCH] engine: common: imagelib: img_tga.c: check pixel type before
 buffer allocation.

---
 engine/common/imagelib/img_tga.c | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/engine/common/imagelib/img_tga.c b/engine/common/imagelib/img_tga.c
index 69c670e1..85c1d0bb 100644
--- a/engine/common/imagelib/img_tga.c
+++ b/engine/common/imagelib/img_tga.c
@@ -241,9 +241,22 @@ qboolean Image_SaveTGA( const char *name, rgbdata_t *pix )
 	if( FS_FileExists( name, false ) && !Image_CheckFlag( IL_ALLOW_OVERWRITE ))
 		return false; // already existed
 
-	if( pix->flags & IMAGE_HAS_ALPHA )
-		outsize = pix->width * pix->height * 4 + 18 + Q_strlen( comment );
-	else outsize = pix->width * pix->height * 3 + 18 + Q_strlen( comment );
+	// bogus parameter check
+	if( !pix->buffer )
+		return false;
+
+	// get image description
+	switch( pix->type )
+	{
+	case PF_RGB_24:
+	case PF_BGR_24: pixel_size = 3; break;
+	case PF_RGBA_32:
+	case PF_BGRA_32: pixel_size = 4; break;
+	default:
+		return false;
+	}
+
+	outsize = pix->width * pix->height * pixel_size + 18 + Q_strlen( comment );
 
 	buffer = (byte *)Mem_Calloc( host.imagepool, outsize );
 
@@ -259,18 +272,6 @@ qboolean Image_SaveTGA( const char *name, rgbdata_t *pix )
 	Q_strncpy( buffer + 18, comment, Q_strlen( comment )); 
 	out = buffer + 18 + Q_strlen( comment );
 
-	// get image description
-	switch( pix->type )
-	{
-	case PF_RGB_24:
-	case PF_BGR_24: pixel_size = 3; break;
-	case PF_RGBA_32:
-	case PF_BGRA_32: pixel_size = 4; break;	
-	default:
-		Mem_Free( buffer );
-		return false;
-	}
-
 	switch( pix->type )
 	{
 	case PF_RGB_24: