From 49aed970ee6fcb147bcc98008ab3fe43f9c200a02d5f238e782f0bec44226e8d Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Thu, 22 Aug 2019 20:06:02 +0000
Subject: [PATCH] Accepting request 725412 from home:mgorse:branches:games

- Add CVE-2019-13616.patch: fix heap buffer overflow when reading
  a crafted bmp file (boo#1141844 CVE-2019-13616).

    potential security exploits (boo#1142031 CVE-2019-13626)

OBS-URL: https://build.opensuse.org/request/show/725412
OBS-URL: https://build.opensuse.org/package/show/games/SDL2?expand=0&rev=89
---
 CVE-2019-13616.patch | 15 +++++++++++++++
 SDL2.changes         |  8 +++++++-
 SDL2.spec            |  1 +
 3 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2019-13616.patch

diff --git a/CVE-2019-13616.patch b/CVE-2019-13616.patch
new file mode 100644
index 0000000..10e5ac9
--- /dev/null
+++ b/CVE-2019-13616.patch
@@ -0,0 +1,15 @@
+diff -r b810b78d32cc -r e7ba650a643a src/video/SDL_bmp.c
+--- a/src/video/SDL_bmp.c	Thu Jul 25 08:05:13 2019 -0500
++++ b/src/video/SDL_bmp.c	Tue Jul 30 11:00:00 2019 -0700
+@@ -226,6 +226,11 @@
+             SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
+         }
+     }
++    if (biWidth <= 0 || biHeight == 0) {
++        SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++        was_error = SDL_TRUE;
++        goto done;
++    }
+     if (biHeight < 0) {
+         topDown = SDL_TRUE;
+         biHeight = -biHeight;
diff --git a/SDL2.changes b/SDL2.changes
index d935db7..0149bad 100644
--- a/SDL2.changes
+++ b/SDL2.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Aug 22 16:43:13 UTC 2019 - Michael Gorse <mgorse@suse.com>
+
+- Add CVE-2019-13616.patch: fix heap buffer overflow when reading 
+  a crafted bmp file (boo#1141844 CVE-2019-13616).
+
 -------------------------------------------------------------------
 Sun Aug 11 04:29:55 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
 
@@ -44,7 +50,7 @@ Fri Jul 26 07:44:39 UTC 2019 - Luigi Baldoni <aloisio@gmx.com>
   * Added the hint SDL_HINT_MOUSE_TOUCH_EVENTS to control
     whether SDL will synthesize touch events from mouse events
   * Improved handling of malformed WAVE and BMP files, fixing
-    potential security exploits
+    potential security exploits (boo#1142031 CVE-2019-13626)
   * Removed the Mir video driver in favor of Wayland
 
 - Refreshed sdl2-symvers.patch
diff --git a/SDL2.spec b/SDL2.spec
index 75ee270..62f05ff 100644
--- a/SDL2.spec
+++ b/SDL2.spec
@@ -32,6 +32,7 @@ Source3:        %name.keyring
 Source4:        baselibs.conf
 Patch1:         sdl2-symvers.patch
 Patch2:         SDL2-endian.patch
+Patch3:         CVE-2019-13616.patch
 BuildRequires:  cmake
 BuildRequires:  dos2unix
 BuildRequires:  gcc-c++