Accepting request 1004169 from games

- Heap-buffer-overflow in bundled thirdparty tool tinyexr * added tinyexr_thirdparty_upstream.patch from upstream tinyexr (boo#1203278) OBS-URL: https://build.opensuse.org/request/show/1004169 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/godot?expand=0&rev=21
2022-09-17 18:10:40 +00:00 · 2022-09-17 18:10:40 +00:00 · 1fe437d952
commit 1fe437d952
parent 3a23d106ec 3e0b8dbb0d
3 changed files with 33 additions and 0 deletions
--- a/godot.changes
+++ b/godot.changes
@ -1,3 +1,8 @@
+Mon Sep 12 12:00:00 UTC 2022 - cunix@mail.de
+
+- Heap-buffer-overflow in bundled thirdparty tool tinyexr
+  * added tinyexr_thirdparty_upstream.patch from upstream tinyexr (boo#1203278)
+
 -------------------------------------------------------------------
 Sat Aug 6 12:00:00 UTC 2022 - cunix@mail.de

--- a/godot.spec
+++ b/godot.spec
@ -36,6 +36,8 @@ Source1:        https://downloads.tuxfamily.org/godotengine/%{version}/%{name}-%
 Patch0:         linker_pie_flag.patch
 # Use system certificates as fallback for certificates
 Patch1:         certs_fallback.patch
+# Heap-buffer-overflow in bundled tinyexr
+Patch2:         tinyexr_thirdparty_upstream.patch
 BuildRequires:  Mesa-devel
 BuildRequires:  desktop-file-utils
 BuildRequires:  fdupes
@ -243,6 +245,7 @@ Bash command line completion support for %{name}, %{name}-headless,
 %setup -q -n %{name}-%{version}-stable
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1

 cp thirdparty/README.md thirdparty_README.md

--- a/tinyexr_thirdparty_upstream.patch
+++ b/tinyexr_thirdparty_upstream.patch
@ -0,0 +1,25 @@
+From cc1b199dd17b700c3130a53866ea462ab88e7f82 Mon Sep 17 00:00:00 2001
+From: 0xdd96 <1011085630@qq.com>
+Date: Wed, 6 Jul 2022 12:14:50 +0800
+Subject: [PATCH] Add bounds check to address #169
+References:   https://bugzilla.opensuse.org/show_bug.cgi?id=1203278
+              https://github.com/syoyo/tinyexr/issues/169
+              https://github.com/syoyo/tinyexr/pull/170/commits/cc1b199dd17b700c3130a53866ea462ab88e7f82
+Rebased: 20220912 by cunix
+
+diff -r -U 5 a/thirdparty/tinyexr/tinyexr.h b/thirdparty/tinyexr/tinyexr.h
+--- a/thirdparty/tinyexr/tinyexr.h
+++ b/thirdparty/tinyexr/tinyexr.h
+@@ -1454,11 +1454,11 @@
+       in += count;
+     } else {
+       int count = *in++;
+       inLength -= 2;
+ 
+-      if (0 > (maxLength -= count + 1)) return 0;
+      if (0 > (maxLength -= count + 1) || inLength < 0) return 0;
+ 
+       memset(out, *reinterpret_cast<const char *>(in), count + 1);
+       out += count + 1;
+ 
+       in++;