From bf076c22adc9b6f9b4dd82e0e51d70779b7ccd4e Mon Sep 17 00:00:00 2001
From: Sam Lantinga <slouken@libsdl.org>
Date: Fri, 7 Oct 2016 17:30:21 -0700
Subject: [PATCH] Fixed bug 2957 - De-reference rz_src without NULL check in
 SDLgfx_rotateSurface function

Nitz

In function SDLgfx_rotateSurface:

rz_dst =
            SDL_CreateRGBSurface(SDL_SWSURFACE, dstwidth, dstheight + GUARD_ROWS,
            rz_src->format->Rmask, rz_src->format->Gmask,
            rz_src->format->Bmask, rz_src->format->Amask);

Here rz_src get De-referenced without NULL check, which is risky.
---
 src/render/software/SDL_rotate.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/render/software/SDL_rotate.c b/src/render/software/SDL_rotate.c
index 5418c9e20..356f6c1c7 100644
--- a/src/render/software/SDL_rotate.c
+++ b/src/render/software/SDL_rotate.c
@@ -378,10 +378,12 @@ SDLgfx_rotateSurface(SDL_Surface * src, double angle, int centerx, int centery,
 #endif
         );
         rz_src = SDL_ConvertSurfaceFormat(src, format, src->flags);
+        if (rz_src == NULL) {
+            return NULL;
+        }
         is32bit = 1;
     }
 
-
     /* Determine target size */
     /* _rotozoomSurfaceSizeTrig(rz_src->w, rz_src->h, angle, &dstwidth, &dstheight, &cangle, &sangle); */
 
@@ -394,7 +396,6 @@ SDLgfx_rotateSurface(SDL_Surface * src, double angle, int centerx, int centery,
     /*
     * Alloc space to completely contain the rotated surface
     */
-    rz_dst = NULL;
     if (is32bit) {
         /*
         * Target surface is 32bit with source RGBA/ABGR ordering