c_cpp/raylib
SHA256
8
0
Fork 0
forked from pool/raylib
Code Pull Requests Activity

Compare commits

base: c_cpp:main
Branches Tags
c_cpp:main c_cpp:factory c_cpp:devel pool:factory pool:leap-16.0 pool:leap-16.1
..
compare: pool:factory
Branches Tags
pool:factory pool:leap-16.0 pool:leap-16.1 c_cpp:main c_cpp:factory c_cpp:devel

5 Commits
main ... factory

Author SHA256 Message Date
Ana Guerrero
7954b239c6 Accepting request 1328092 from devel:libraries:c_c++ 
- security update:
  * CVE-2025-15533 [bsc#1256900]
    Fix heap-based buffer overflow via GenImageFontAtlas function manipulation
  * CVE-2025-15534 [bsc#1256901]
    Fix integer overflow vulnerability in LoadFontData
  * Add raylib-CVE-2025-15533-CVE-2025-15534.patch

OBS-URL: https://build.opensuse.org/request/show/1328092
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/raylib?expand=0&rev=14
 2026-01-19 17:39:06 +00:00
Michael Vetter
7ca0429895 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/raylib?expand=0&rev=47 2026-01-19 13:37:41 +00:00
Michael Vetter
be5db03762 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/raylib?expand=0&rev=46 2026-01-19 13:16:37 +00:00
Michael Vetter
a69459cd35 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/raylib?expand=0&rev=45 2026-01-19 13:14:10 +00:00
Michael Vetter
a242d39575 - security update: 
* CVE-2025-15533 [bsc#1256900]
    Fix heap-based buffer overflow via GenImageFontAtlas function manipulation
  * CVE-2025-15534 [bsc#1256901]
    Fix integer overflow vulnerability in LoadFontData
  * Add raylib-CVE-2025-15533-CVE-2025-15534.patch

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/raylib?expand=0&rev=44
 2026-01-19 13:13:12 +00:00
4 changed files with 108 additions and 4 deletions
Expand all files Collapse all files

4
raylib-5.5.obscpio
View File

@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:669db82a104664c766bd0fa86a923df49fccc9c8abbabf37060854fbce8d26c4 oid sha256:77a9284668d1572e640f201a7d3ec6450b7f1e87f2486aa233e715e1d2f304be
size 76018702 size 19018765

93
raylib-CVE-2025-15533-CVE-2025-15534.patch Normal file
View File

@@ -0,0 +1,93 @@
Fix CVE-2025-15533 and CVE-2025-15534
Based on 5a3391fdce046bc5473e52afbd835dd2dc127146.
Change glyphs[k] -> chars[i].
Index: raylib-5.5/src/rtext.c
===================================================================
--- raylib-5.5.orig/src/rtext.c
+++ raylib-5.5/src/rtext.c
@@ -695,8 +695,11 @@ GlyphInfo *LoadFontData(const unsigned c
stbtt_GetCodepointHMetrics(&fontInfo, ch, &chars[i].advanceX, NULL);
chars[i].advanceX = (int)((float)chars[i].advanceX*scaleFactor);
+ if (chars[i].advanceX < 0) chars[i].advanceX = 0;
+
Image imSpace = {
.data = RL_CALLOC(chars[i].advanceX*fontSize, 2),
+ .data = (chars[i].advanceX > 0) ? RL_CALLOC(chars[i].advanceX*fontSize, 2) : NULL,
.width = chars[i].advanceX,
.height = fontSize,
.mipmaps = 1,
@@ -796,7 +799,8 @@ Image GenImageFontAtlas(const GlyphInfo
}
#endif
- atlas.data = (unsigned char *)RL_CALLOC(1, atlas.width*atlas.height); // Create a bitmap to store characters (8 bpp)
+ int atlasDataSize = atlas.width * atlas.height; // Save total size for bounds checking
+ atlas.data = (unsigned char *)RL_CALLOC(1, atlasDataSize); // Create a bitmap to store characters (8 bpp)
atlas.format = PIXELFORMAT_UNCOMPRESSED_GRAYSCALE;
atlas.mipmaps = 1;
@@ -841,7 +845,17 @@ Image GenImageFontAtlas(const GlyphInfo
{
for (int x = 0; x < glyphs[i].image.width; x++)
{
- ((unsigned char *)atlas.data)[(offsetY + y)*atlas.width + (offsetX + x)] = ((unsigned char *)glyphs[i].image.data)[y*glyphs[i].image.width + x];
+ int destX = offsetX + x;
+ int destY = offsetY + y;
+
+ // Security fix: check both lower and upper bounds
+ // destX >= 0: prevent heap underflow (#5434)
+ // destX < atlas.width: prevent heap overflow (#5433)
+ if (destX >= 0 && destX < atlas.width && destY >= 0 && destY < atlas.height)
+ {
+ ((unsigned char *)atlas.data)[destY * atlas.width + destX] =
+ ((unsigned char *)glyphs[i].image.data)[y * glyphs[i].image.width + x];
+ }
}
}
@@ -889,7 +903,15 @@ Image GenImageFontAtlas(const GlyphInfo
{
for (int x = 0; x < glyphs[i].image.width; x++)
{
- ((unsigned char *)atlas.data)[(rects[i].y + padding + y)*atlas.width + (rects[i].x + padding + x)] = ((unsigned char *)glyphs[i].image.data)[y*glyphs[i].image.width + x];
+ int destX = rects[i].x + padding + x;
+ int destY = rects[i].y + padding + y;
+
+ // Security fix: check both lower and upper bounds
+ if (destX >= 0 && destX < atlas.width && destY >= 0 && destY < atlas.height)
+ {
+ ((unsigned char *)atlas.data)[destY * atlas.width + destX] =
+ ((unsigned char *)glyphs[i].image.data)[y * glyphs[i].image.width + x];
+ }
}
}
}
@@ -903,14 +925,18 @@ Image GenImageFontAtlas(const GlyphInfo
#if defined(SUPPORT_FONT_ATLAS_WHITE_REC)
// Add a 3x3 white rectangle at the bottom-right corner of the generated atlas,
- // useful to use as the white texture to draw shapes with raylib, using this rectangle
- // shapes and text can be backed into a single draw call: SetShapesTexture()
- for (int i = 0, k = atlas.width*atlas.height - 1; i < 3; i++)
- {
- ((unsigned char *)atlas.data)[k - 0] = 255;
- ((unsigned char *)atlas.data)[k - 1] = 255;
- ((unsigned char *)atlas.data)[k - 2] = 255;
- k -= atlas.width;
+ // useful to use as the white texture to draw shapes with raylib.
+ // [Security Fix] Ensure the atlas is large enough to hold a 3x3 rectangle.
+ // This prevents heap underflow when width < 3 or height < 3 (Fixes #5434 variant)
+ if (atlas.width >= 3 && atlas.height >= 3)
+ {
+ for (int i = 0, k = atlas.width*atlas.height - 1; i < 3; i++)
+ {
+ ((unsigned char *)atlas.data)[k - 0] = 255;
+ ((unsigned char *)atlas.data)[k - 1] = 255;
+ ((unsigned char *)atlas.data)[k - 2] = 255;
+ k -= atlas.width;
+ }
}
#endif

10
raylib.changes
View File

@@ -1,3 +1,13 @@
-------------------------------------------------------------------
Mon Jan 19 13:05:48 UTC 2026 - Michael Vetter <mvetter@suse.com>
- security update:
* CVE-2025-15533 [bsc#1256900]
Fix heap-based buffer overflow via GenImageFontAtlas function manipulation
* CVE-2025-15534 [bsc#1256901]
Fix integer overflow vulnerability in LoadFontData
* Add raylib-CVE-2025-15533-CVE-2025-15534.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Nov 27 07:53:33 UTC 2024 - Michael Vetter <mvetter@suse.com> Wed Nov 27 07:53:33 UTC 2024 - Michael Vetter <mvetter@suse.com>

5
raylib.spec
View File

@@ -1,7 +1,7 @@
# #
# spec file for package raylib # spec file for package raylib
# #
# Copyright (c) 2024 SUSE LLC # Copyright (c) 2026 SUSE LLC and contributors
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@@ -24,6 +24,7 @@ License: Zlib
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
URL: https://www.raylib.com URL: https://www.raylib.com
Source: raylib-%{version}.tar.xz Source: raylib-%{version}.tar.xz
Patch0: raylib-CVE-2025-15533-CVE-2025-15534.patch
BuildRequires: Mesa-libGL-devel BuildRequires: Mesa-libGL-devel
BuildRequires: cmake BuildRequires: cmake
BuildRequires: gcc-c++ BuildRequires: gcc-c++
@@ -57,7 +58,7 @@ Group: System/Libraries
A C library for learning video game programming. A C library for learning video game programming.
%prep %prep
%setup -q %autosetup -p1
%build %build
%cmake \ %cmake \