main/sdl2_image: security fix for CVE-2019-13616. Added missing patch

author: Francesco Colista <fcolista@alpinelinux.org> 2019-10-21 20:28:57 +0000
committer: Francesco Colista <fcolista@alpinelinux.org> 2019-10-21 20:28:57 +0000
commit: 7b2073189159155185be8152a05470809655b7b1 (patch)
tree: 5f9930dce81567e9ffba7bdcce74c8e9b06b6404 /main
parent: 1fe32d61beb6c5514a0fb76fc98cf6feab7aae65 (diff)
download: aports-7b2073189159155185be8152a05470809655b7b1.tar.bz2
aports-7b2073189159155185be8152a05470809655b7b1.tar.xz
1 files changed, 24 insertions, 0 deletions
diff --git a/main/sdl2_image/CVE-2019-13616.patch b/main/sdl2_image/CVE-2019-13616.patch
new file mode 100644
index 0000000000..cb0fe87a38
--- /dev/null
+++ b/main/sdl2_image/CVE-2019-13616.patch
@@ -0,0 +1,24 @@
+
+# HG changeset patch
+# User Sam Lantinga <slouken@libsdl.org>
+# Date 1564509612 25200
+# Node ID ba45f00879ba0b957780e1fd28304c41503c1737
+# Parent  f1baffa48926c4c76f482f21a240667e9159d1d5
+Fixed bug 4538 - validate image size when loading BMP files
+
+diff -r f1baffa48926 -r ba45f00879ba IMG_bmp.c
+--- a/IMG_bmp.c	Tue Jul 30 10:16:02 2019 -0700
++++ b/IMG_bmp.c	Tue Jul 30 11:00:12 2019 -0700
+@@ -351,6 +351,11 @@
+             SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
+         }
+     }
++    if (biWidth <= 0 || biHeight == 0) {
++        IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++        was_error = SDL_TRUE;
++        goto done;
++    }
+     if (biHeight < 0) {
+         topDown = SDL_TRUE;
+         biHeight = -biHeight;
+
author	Francesco Colista <fcolista@alpinelinux.org>	2019-10-21 20:28:57 +0000
committer	Francesco Colista <fcolista@alpinelinux.org>	2019-10-21 20:28:57 +0000
commit	7b2073189159155185be8152a05470809655b7b1 (patch)
tree	5f9930dce81567e9ffba7bdcce74c8e9b06b6404 /main
parent	1fe32d61beb6c5514a0fb76fc98cf6feab7aae65 (diff)
download	aports-7b2073189159155185be8152a05470809655b7b1.tar.bz2 aports-7b2073189159155185be8152a05470809655b7b1.tar.xz