libsdl2: Add fix for CVE-2021-33657

Add patch to fix CVE-2021-33657 issue for libsdl2 Link: https://security-tracker.debian.org/tracker/CVE-2021-33657 (From OE-Core rev: 1cc84e4c51c9afaa5dcb5011e6511496e00d2c8a) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> 2022-05-30 12:45:29 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-06-04 12:16:58 +0100
commit: f0d18846de3b5c69d85334e47b74c8d085b058de (patch)
tree: b61690590cd0b14bf93abc748dd412ff02ab0582
parent: d6941efc0baba9b8f2f137732c7a574d1e12ef54 (diff)
download: poky-f0d18846de3b5c69d85334e47b74c8d085b058de.tar.gz
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch
new file mode 100644
index 0000000000..a4ed7ab8e6
--- /dev/null
+++ b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch
@@ -0,0 +1,38 @@
+From 8c91cf7dba5193f5ce12d06db1336515851c9ee9 Mon Sep 17 00:00:00 2001
+From: Sam Lantinga <slouken@libsdl.org>
+Date: Tue, 30 Nov 2021 12:36:46 -0800
+Subject: [PATCH] Always create a full 256-entry map in case color values are
+ out of range
+Fixes https://github.com/libsdl-org/SDL/issues/5042
+CVE: CVE-2021-33657
+Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9.patch]
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ src/video/SDL_pixels.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/src/video/SDL_pixels.c b/src/video/SDL_pixels.c
+index ac04533c5d5..9bb02f771d0 100644
+--- a/src/video/SDL_pixels.c
+++ b/src/video/SDL_pixels.c
+@@ -947,7 +947,7 @@ Map1to1(SDL_Palette * src, SDL_Palette * dst, int *identical)
+         }
+         *identical = 0;
+     }
+-    map = (Uint8 *) SDL_malloc(src->ncolors);
+    map = (Uint8 *) SDL_calloc(256, sizeof(Uint8));
+     if (map == NULL) {
+         SDL_OutOfMemory();
+         return (NULL);
+@@ -971,7 +971,7 @@ Map1toN(SDL_PixelFormat * src, Uint8 Rmod, Uint8 Gmod, Uint8 Bmod, Uint8 Amod,
+     SDL_Palette *pal = src->palette;
+ 
+     bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel);
+-    map = (Uint8 *) SDL_malloc(pal->ncolors * bpp);
+    map = (Uint8 *) SDL_calloc(256, bpp);
+     if (map == NULL) {
+         SDL_OutOfMemory();
+         return (NULL);
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
index 8e77c18f2d..44d36fca22 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
@@ -21,6 +21,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
           file://directfb-spurious-curly-brace-missing-e.patch \
           file://directfb-renderfillrect-fix.patch \
           file://CVE-2020-14409-14410.patch \
+           file://CVE-2021-33657.patch \
 "
 S = "${WORKDIR}/SDL2-${PV}"
author	Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>	2022-05-30 12:45:29 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-06-04 12:16:58 +0100
commit	f0d18846de3b5c69d85334e47b74c8d085b058de (patch)
tree	b61690590cd0b14bf93abc748dd412ff02ab0582
parent	d6941efc0baba9b8f2f137732c7a574d1e12ef54 (diff)
download	poky-f0d18846de3b5c69d85334e47b74c8d085b058de.tar.gz

diff --git a/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch new file mode 100644 index 0000000000..a4ed7ab8e6 --- /dev/null +++ b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch
@@ -0,0 +1,38 @@
		1	From 8c91cf7dba5193f5ce12d06db1336515851c9ee9 Mon Sep 17 00:00:00 2001
		2	From: Sam Lantinga <slouken@libsdl.org>
		3	Date: Tue, 30 Nov 2021 12:36:46 -0800
		4	Subject: [PATCH] Always create a full 256-entry map in case color values are
		5	out of range
		6
		7	Fixes https://github.com/libsdl-org/SDL/issues/5042
		8
		9	CVE: CVE-2021-33657
		10	Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9.patch]
		11	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
		12
		13	---
		14	src/video/SDL_pixels.c \| 4 ++--
		15	1 file changed, 2 insertions(+), 2 deletions(-)
		16
		17	diff --git a/src/video/SDL_pixels.c b/src/video/SDL_pixels.c
		18	index ac04533c5d5..9bb02f771d0 100644
		19	--- a/src/video/SDL_pixels.c
		20	+++ b/src/video/SDL_pixels.c
		21	@@ -947,7 +947,7 @@ Map1to1(SDL_Palette * src, SDL_Palette * dst, int *identical)
		22	}
		23	*identical = 0;
		24	}
		25	- map = (Uint8 *) SDL_malloc(src->ncolors);
		26	+ map = (Uint8 *) SDL_calloc(256, sizeof(Uint8));
		27	if (map == NULL) {
		28	SDL_OutOfMemory();
		29	return (NULL);
		30	@@ -971,7 +971,7 @@ Map1toN(SDL_PixelFormat * src, Uint8 Rmod, Uint8 Gmod, Uint8 Bmod, Uint8 Amod,
		31	SDL_Palette *pal = src->palette;
		32
		33	bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel);
		34	- map = (Uint8 ) SDL_malloc(pal->ncolors bpp);
		35	+ map = (Uint8 *) SDL_calloc(256, bpp);
		36	if (map == NULL) {
		37	SDL_OutOfMemory();
		38	return (NULL);


diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb index 8e77c18f2d..44d36fca22 100644 --- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb +++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
@@ -21,6 +21,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
21	file://directfb-spurious-curly-brace-missing-e.patch \	21	file://directfb-spurious-curly-brace-missing-e.patch \
22	file://directfb-renderfillrect-fix.patch \	22	file://directfb-renderfillrect-fix.patch \
23	file://CVE-2020-14409-14410.patch \	23	file://CVE-2020-14409-14410.patch \
		24	file://CVE-2021-33657.patch \
24	"	25	"
25		26
26	S = "${WORKDIR}/SDL2-${PV}"	27	S = "${WORKDIR}/SDL2-${PV}"