From: "Armin Kuster" <akuster808@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [dunfell 08/12] libsdl: Fix CVE-2019-13616
Date: Sun, 30 May 2021 11:34:18 -0700 [thread overview]
Message-ID: <9d50b9f99509147613bfcee420b1718cd856c390.1622399528.git.akuster808@gmail.com> (raw)
In-Reply-To: <cover.1622399528.git.akuster808@gmail.com>
From: wangmy <wangmy@fujitsu.com>
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13616
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read
in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/97fefd050976bbbfca9608499f6a7d9fb86e70db]
CVE: CVE-2019-13616
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../libsdl/libsdl-1.2.15/CVE-2019-13616.patch | 27 +++++++++++++++++++
.../recipes-graphics/libsdl/libsdl_1.2.15.bb | 1 +
2 files changed, 28 insertions(+)
create mode 100644 meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-13616.patch
diff --git a/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-13616.patch b/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-13616.patch
new file mode 100644
index 0000000000..2db67966cf
--- /dev/null
+++ b/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-13616.patch
@@ -0,0 +1,27 @@
+From 97fefd050976bbbfca9608499f6a7d9fb86e70db Mon Sep 17 00:00:00 2001
+From: Sam Lantinga <slouken@libsdl.org>
+Date: Tue, 30 Jul 2019 11:00:00 -0700
+Subject: [PATCH] Fixed bug 4538 - validate image size when loading BMP files
+---
+ src/video/SDL_bmp.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c
+index 8eadc5f..5b5e12c 100644
+--- a/src/video/SDL_bmp.c
++++ b/src/video/SDL_bmp.c
+@@ -143,6 +143,11 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops *src, int freesrc)
+ (void) biYPelsPerMeter;
+ (void) biClrImportant;
+
++ if (biWidth <= 0 || biHeight == 0) {
++ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++ was_error = SDL_TRUE;
++ goto done;
++ }
+ if (biHeight < 0) {
+ topDown = SDL_TRUE;
+ biHeight = -biHeight;
+--
+2.25.1
+
diff --git a/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb b/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
index 7a01908322..d91a1856b4 100644
--- a/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
+++ b/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL-${PV}.tar.gz \
file://CVE-2019-7637.patch \
file://CVE-2019-7638.patch \
file://CVE-2019-7576.patch \
+ file://CVE-2019-13616.patch \
"
UPSTREAM_CHECK_REGEX = "SDL-(?P<pver>\d+(\.\d+)+)\.tar"
--
2.17.1
next prev parent reply other threads:[~2021-05-30 18:34 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-30 18:34 [dunfell 00/12] Patch review May 30th Armin Kuster
2021-05-30 18:34 ` [dunfell 01/12] exiv2: Fix CVE-2021-29457 Armin Kuster
2021-05-30 18:34 ` [dunfell 02/12] exiv2: Fix CVE-2021-29458 Armin Kuster
2021-05-30 18:34 ` [dunfell 03/12] exiv2: Fix CVE-2021-29463 Armin Kuster
2021-05-30 18:34 ` [dunfell 04/12] exiv2: Fix CVE-2021-3482 Armin Kuster
2021-05-30 18:34 ` [dunfell 05/12] exiv2: Fix CVE-2021-29464 Armin Kuster
2021-05-30 18:34 ` [dunfell 06/12] exiv2: Fix CVE-2021-29470 Armin Kuster
2021-05-30 18:34 ` [dunfell 07/12] exiv2: Fix CVE-2021-29473 Armin Kuster
2021-05-30 18:34 ` Armin Kuster [this message]
2021-05-30 18:34 ` [dunfell 09/12] hostapd: fix building with CONFIG_TLS=internal Armin Kuster
2021-05-30 18:34 ` [dunfell 10/12] opencv: Add fix for CVE-2019-5063 and CVE-2019-5064 Armin Kuster
2021-05-30 18:34 ` [dunfell 11/12] ebtables: use bitbake optimization levels Armin Kuster
2021-05-30 18:34 ` [dunfell 12/12] dnsmasq: Add fixes for CVEs reported for dnsmasq Armin Kuster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9d50b9f99509147613bfcee420b1718cd856c390.1622399528.git.akuster808@gmail.com \
--to=akuster808@gmail.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.