- Add CVE-2019-13616.patch: fix heap buffer overflow when reading

a crafted bmp file (boo#1141844 CVE-2019-13616).

OBS-URL: https://build.opensuse.org/package/show/games/SDL2_image?expand=0&rev=28

CVE-2019-13616.patch

@@ -0,0 +1,15 @@
+diff -r f1baffa48926 -r ba45f00879ba IMG_bmp.c
+--- a/IMG_bmp.c	Tue Jul 30 10:16:02 2019 -0700
++++ b/IMG_bmp.c	Tue Jul 30 11:00:12 2019 -0700
+@@ -351,6 +351,11 @@
+             SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
+         }
+     }
++    if (biWidth <= 0 || biHeight == 0) {
++        IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++        was_error = SDL_TRUE;
++        goto done;
++    }
+     if (biHeight < 0) {
+         topDown = SDL_TRUE;
+         biHeight = -biHeight;

SDL2_image.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Aug 23 14:04:59 UTC 2019 - Michael Gorse <mgorse@suse.com>
+
+- Add CVE-2019-13616.patch: fix heap buffer overflow when reading
+  a crafted bmp file (boo#1141844 CVE-2019-13616).
+
 -------------------------------------------------------------------
 Fri Aug 23 09:53:45 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
 

SDL2_image.spec

@@ -28,6 +28,7 @@ URL:            https://libsdl.org/projects/SDL_image/
 #Hg-Clone:	http://hg.libsdl.org/SDL_image/
 Source:         https://libsdl.org/projects/SDL_image/release/%name-%version.tar.gz
 Source2:        baselibs.conf
+Patch1:         CVE-2019-13616.patch
 BuildRequires:  dos2unix
 BuildRequires:  libjpeg-devel
 BuildRequires:  libtiff-devel