authorFrancesco Colista <fcolista@alpinelinux.org>2019-10-21 20:28:57 +0000
committerFrancesco Colista <fcolista@alpinelinux.org>2019-10-21 20:40:28 +0000
commitef600f7e27d5bb9660544715031a49cb9887ef41 (patch)
tree6c11aa0b98356008dc7e70deacca0a07bcdafa76
parent1833ad9258bf53ebd1f42ccecc5bbf2696c7e19a (diff)
downloadaports-ef600f7e27d5bb9660544715031a49cb9887ef41.tar.bz2
aports-ef600f7e27d5bb9660544715031a49cb9887ef41.tar.xz
main/sdl2_image: security fix for CVE-2019-13616.
Fixes #10879
-rw-r--r--main/sdl2_image/CVE-2019-13616.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/main/sdl2_image/CVE-2019-13616.patch b/main/sdl2_image/CVE-2019-13616.patch
new file mode 100644
index 0000000000..cb0fe87a38
--- /dev/null
+++ b/main/sdl2_image/CVE-2019-13616.patch
@@ -0,0 +1,24 @@
+
+# HG changeset patch
+# User Sam Lantinga <slouken@libsdl.org>
+# Date 1564509612 25200
+# Node ID ba45f00879ba0b957780e1fd28304c41503c1737
+# Parent f1baffa48926c4c76f482f21a240667e9159d1d5
+Fixed bug 4538 - validate image size when loading BMP files
+
+diff -r f1baffa48926 -r ba45f00879ba IMG_bmp.c
+--- a/IMG_bmp.c Tue Jul 30 10:16:02 2019 -0700
++++ b/IMG_bmp.c Tue Jul 30 11:00:12 2019 -0700
+@@ -351,6 +351,11 @@
+ SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
+ }
+ }
++ if (biWidth <= 0 || biHeight == 0) {
++ IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++ was_error = SDL_TRUE;
++ goto done;
++ }
+ if (biHeight < 0) {
+ topDown = SDL_TRUE;
+ biHeight = -biHeight;
+
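Review bot: The diffstat lists `main/sdl2_image/CVE-2019-13616.patch` as the only changed file, so nothing visible in this commit wires the patch into the build; unless the APKBUILD is updated in a separate commit, the package will still be built without the fix. The same commit should add `CVE-2019-13616.patch` to `source=`, regenerate the checksums, bump `pkgrel`, and record the CVE under `# secfixes:` so the fixed release is traceable. Within the upstream change, the new guard `if (biWidth <= 0 || biHeight == 0)` still lets the most negative height reach `biHeight = -biHeight;`, which is signed overflow if `biHeight` is a 32-bit signed integer (its declaration and the rest of the function lie outside the hunk). Extending the condition with `|| biHeight == SDL_MIN_SINT32` would close that case, and is better raised upstream than carried as a local deviation.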