From bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec Mon Sep 17 00:00:00 2001
From: wiredfool <eric-github@soroos.net>
Date: Wed, 20 Jan 2016 22:37:28 +0000
Subject: [PATCH] FLI overflow error fix and testcase CVE-2016-0775

---
 Tests/check_fli_overflow.py   |  16 ++++++++++++++++
 Tests/images/fli_overflow.fli | Bin 0 -> 4645 bytes
 libImaging/FliDecode.c        |   2 +-
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 Tests/check_fli_overflow.py
 create mode 100644 Tests/images/fli_overflow.fli

--- libImaging/FliDecode.c
+++ libImaging/FliDecode.c
@@ -185,7 +185,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
 	    /* COPY chunk */
 	    for (y = 0; y < state->ysize; y++) {
 		UINT8* buf = (UINT8*) im->image[y];
-		memcpy(buf+x, data, state->xsize);
+		memcpy(buf, data, state->xsize);
 		data += state->xsize;
 	    }
 	    break;
