main/sdl2_image/CVE-2019-13616.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24


# HG changeset patch
# User Sam Lantinga <slouken@libsdl.org>
# Date 1564509612 25200
# Node ID ba45f00879ba0b957780e1fd28304c41503c1737
# Parent  f1baffa48926c4c76f482f21a240667e9159d1d5
Fixed bug 4538 - validate image size when loading BMP files

diff -r f1baffa48926 -r ba45f00879ba IMG_bmp.c
--- a/IMG_bmp.c	Tue Jul 30 10:16:02 2019 -0700
+++ b/IMG_bmp.c	Tue Jul 30 11:00:12 2019 -0700
@@ -351,6 +351,11 @@
             SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
         }
     }
+    if (biWidth <= 0 || biHeight == 0) {
+        IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
+        was_error = SDL_TRUE;
+        goto done;
+    }
     if (biHeight < 0) {
         topDown = SDL_TRUE;
         biHeight = -biHeight;