From 91c4a451efc1ac150afeb8a0275049cdc22bd26d Mon Sep 17 00:00:00 2001
From: Bambo-Borris <canyoufeelit4@gmail.com>
Date: Fri, 17 Jun 2022 18:04:43 +0100
Subject: [PATCH] Fix out of bounds read for `sf::Image::copy()` with bad
 `sourceRect`

---
 src/SFML/Graphics/Image.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/SFML/Graphics/Image.cpp b/src/SFML/Graphics/Image.cpp
index d17ccf458..2cec9000a 100644
--- a/src/SFML/Graphics/Image.cpp
+++ b/src/SFML/Graphics/Image.cpp
@@ -177,6 +177,11 @@ void Image::copy(const Image& source, const Vector2u& dest, const IntRect& sourc
     if ((source.m_size.x == 0) || (source.m_size.y == 0) || (m_size.x == 0) || (m_size.y == 0))
         return;
 
+    // Make sure the sourceRect left & top  and the {left, top} + {width, height} within bounds
+    if (static_cast<unsigned int>(sourceRect.left) >= source.m_size.x || static_cast<unsigned int>(sourceRect.left + sourceRect.width) > source.m_size.x ||
+        static_cast<unsigned int>(sourceRect.top) >= source.m_size.y || static_cast<unsigned int>(sourceRect.top + sourceRect.height) > source.m_size.y)
+        return;
+
     // Adjust the source rectangle
     IntRect srcRect = sourceRect;
     if (srcRect.width == 0 || (srcRect.height == 0))