From 0e521a7779b0a214c4cd9bcb751844deafbfce21 Mon Sep 17 00:00:00 2001
From: Bill Currie <bill@taniwha.org>
Date: Thu, 29 Dec 2011 11:27:54 +0900
Subject: [PATCH] Correctly detect going past the end of the pcx data.

palette is just that, the palette, and often won't point to the end of the
pcx data. Use the right end :).
---
 libs/image/pcx.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libs/image/pcx.c b/libs/image/pcx.c
index a29306223..55a3ec8d8 100644
--- a/libs/image/pcx.c
+++ b/libs/image/pcx.c
@@ -55,6 +55,7 @@ LoadPCX (QFile *f, qboolean convert, byte *pal)
 	pcx_t      *pcx;
 	int         pcx_mark;
 	byte       *palette;
+	byte       *end;
 	byte       *pix;
 	byte       *dataByte;
 	int         runLength = 1;
@@ -85,7 +86,7 @@ LoadPCX (QFile *f, qboolean convert, byte *pal)
 		return 0;
 	}
 
-	palette = ((byte *) pcx) + fsize - 768;
+	end = palette = ((byte *) pcx) + fsize - 768;
 	dataByte = (byte *) &pcx[1];
 
 	count = (pcx->xmax + 1) * (pcx->ymax + 1);
@@ -106,12 +107,12 @@ LoadPCX (QFile *f, qboolean convert, byte *pal)
 	pix = tex->data;
 
 	while (count) {
-		if (dataByte >= palette)
+		if (dataByte >= end)
 			break;
 
 		if ((*dataByte & 0xC0) == 0xC0) {
 			runLength = *dataByte++ & 0x3F;
-			if (dataByte >= palette)
+			if (dataByte >= end)
 				break;
 		} else {
 			runLength = 1;