diff options
author | Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> | 2022-05-30 12:45:29 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-06-04 12:16:58 +0100 |
commit | f0d18846de3b5c69d85334e47b74c8d085b058de (patch) | |
tree | b61690590cd0b14bf93abc748dd412ff02ab0582 | |
parent | d6941efc0baba9b8f2f137732c7a574d1e12ef54 (diff) | |
download | poky-f0d18846de3b5c69d85334e47b74c8d085b058de.tar.gz |
libsdl2: Add fix for CVE-2021-33657
Add patch to fix CVE-2021-33657 issue for libsdl2
Link: https://security-tracker.debian.org/tracker/CVE-2021-33657
(From OE-Core rev: 1cc84e4c51c9afaa5dcb5011e6511496e00d2c8a)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch | 38 | ||||
-rw-r--r-- | meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb | 1 |
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch new file mode 100644 index 0000000000..a4ed7ab8e6 --- /dev/null +++ b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch | |||
@@ -0,0 +1,38 @@ | |||
1 | From 8c91cf7dba5193f5ce12d06db1336515851c9ee9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Sam Lantinga <slouken@libsdl.org> | ||
3 | Date: Tue, 30 Nov 2021 12:36:46 -0800 | ||
4 | Subject: [PATCH] Always create a full 256-entry map in case color values are | ||
5 | out of range | ||
6 | |||
7 | Fixes https://github.com/libsdl-org/SDL/issues/5042 | ||
8 | |||
9 | CVE: CVE-2021-33657 | ||
10 | Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9.patch] | ||
11 | Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> | ||
12 | |||
13 | --- | ||
14 | src/video/SDL_pixels.c | 4 ++-- | ||
15 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
16 | |||
17 | diff --git a/src/video/SDL_pixels.c b/src/video/SDL_pixels.c | ||
18 | index ac04533c5d5..9bb02f771d0 100644 | ||
19 | --- a/src/video/SDL_pixels.c | ||
20 | +++ b/src/video/SDL_pixels.c | ||
21 | @@ -947,7 +947,7 @@ Map1to1(SDL_Palette * src, SDL_Palette * dst, int *identical) | ||
22 | } | ||
23 | *identical = 0; | ||
24 | } | ||
25 | - map = (Uint8 *) SDL_malloc(src->ncolors); | ||
26 | + map = (Uint8 *) SDL_calloc(256, sizeof(Uint8)); | ||
27 | if (map == NULL) { | ||
28 | SDL_OutOfMemory(); | ||
29 | return (NULL); | ||
30 | @@ -971,7 +971,7 @@ Map1toN(SDL_PixelFormat * src, Uint8 Rmod, Uint8 Gmod, Uint8 Bmod, Uint8 Amod, | ||
31 | SDL_Palette *pal = src->palette; | ||
32 | |||
33 | bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel); | ||
34 | - map = (Uint8 *) SDL_malloc(pal->ncolors * bpp); | ||
35 | + map = (Uint8 *) SDL_calloc(256, bpp); | ||
36 | if (map == NULL) { | ||
37 | SDL_OutOfMemory(); | ||
38 | return (NULL); | ||
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb index 8e77c18f2d..44d36fca22 100644 --- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb +++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb | |||
@@ -21,6 +21,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \ | |||
21 | file://directfb-spurious-curly-brace-missing-e.patch \ | 21 | file://directfb-spurious-curly-brace-missing-e.patch \ |
22 | file://directfb-renderfillrect-fix.patch \ | 22 | file://directfb-renderfillrect-fix.patch \ |
23 | file://CVE-2020-14409-14410.patch \ | 23 | file://CVE-2020-14409-14410.patch \ |
24 | file://CVE-2021-33657.patch \ | ||
24 | " | 25 | " |
25 | 26 | ||
26 | S = "${WORKDIR}/SDL2-${PV}" | 27 | S = "${WORKDIR}/SDL2-${PV}" |