jengelh/SDL_image
SHA256
1
0
Fork 0
forked from pool/SDL_image
Code Pull Requests Activity

Accepting request 725424 from home:mgorse:branches:games

Browse Source 
- Add CVE-2019-13616.patch: fix heap buffer overflow when reading 
  a crafted bmp file (boo#1141844 CVE-2019-13616).

OBS-URL: https://build.opensuse.org/request/show/725424
OBS-URL: https://build.opensuse.org/package/show/games/SDL_image?expand=0&rev=23
This commit is contained in:
Jan Engelhardt 2019-08-23 11:48:11 +00:00 committed by Git OBS Bridge
parent df0d4ef481
commit 309fc5c36e
3 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
CVE-2019-13616.patch Normal file
View File

@ -0,0 +1,15 @@
diff -r 9ccaa3a0dfb6 -r a59bfe382008 IMG_bmp.c
--- a/IMG_bmp.c Thu Jul 11 01:01:56 2019 +0300
+++ b/IMG_bmp.c Tue Jul 30 21:29:15 2019 +0300
@@ -272,6 +272,11 @@
biClrUsed = SDL_ReadLE32(src);
biClrImportant = SDL_ReadLE32(src);
}
+ if (biWidth <= 0 || biHeight == 0) {
+ IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
+ was_error = SDL_TRUE;
+ goto done;
+ }
if (biHeight < 0) {
topDown = SDL_TRUE;
biHeight = -biHeight;

6
SDL_image.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Aug 22 19:51:00 UTC 2019 - Michael Gorse <mgorse@suse.com>
- Add CVE-2019-13616.patch: fix heap buffer overflow when reading
a crafted bmp file (boo#1141844 CVE-2019-13616).
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 8 09:34:38 UTC 2015 - jengelh@inai.de Thu Jan 8 09:34:38 UTC 2015 - jengelh@inai.de

8
SDL_image.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package SDL_image # spec file for package SDL_image
# #
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
@ -21,13 +21,14 @@ Name: SDL_image
Version: 1.2.12 Version: 1.2.12
Release: 0 Release: 0
Summary: SDL image loading library Summary: SDL image loading library
License: LGPL-2.1+ License: LGPL-2.1-or-later
Group: Development/Libraries/X11 Group: Development/Libraries/X11
Url: http://libsdl.org/projects/SDL_image/release-1.2.html Url: http://libsdl.org/projects/SDL_image/release-1.2.html
# removed VisualC.zip, VisualCE.zip, Watcom-OS2.zip, Xcode.tar.gz, Xcode_iPhone.tar.gz from upstream tarball [bnc#508084] # removed VisualC.zip, VisualCE.zip, Watcom-OS2.zip, Xcode.tar.gz, Xcode_iPhone.tar.gz from upstream tarball [bnc#508084]
Source: %name-%version-repack.tar.bz2 Source: %name-%version-repack.tar.bz2
Source3: baselibs.conf Source3: baselibs.conf
Patch0: CVE-2019-13616.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
BuildRequires: libtiff-devel BuildRequires: libtiff-devel
@ -66,6 +67,7 @@ TIFF and WEBP formats.
%prep %prep
%setup -q %setup -q
%patch0 -p1
%build %build
%configure --disable-png-shared --disable-jpg-shared --disable-tif-shared \ %configure --disable-png-shared --disable-jpg-shared --disable-tif-shared \