libsdl2: Add fix for CVE-2022-4743

Add a patch to fix CVE-2022-4743 security issue "A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected." as per NVD (From OE-Core rev: f40ad856e814366c2d3588001dea1e0df7a3fed6) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> 2023-02-02 19:43:27 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-02-13 07:44:09 +0000
commit: 4f6333a564f9ee3c789ce7476e4a9b6eb357d9a7 (patch)
tree: 9d056545d16196522c238086af0365aaedc81029
parent: 262f47eff8e72ddaf34264b8fd78d669c7d6157d (diff)
download: poky-4f6333a564f9ee3c789ce7476e4a9b6eb357d9a7.tar.gz
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-graphics/libsdl2/libsdl2/CVE-2022-4743.patch b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2022-4743.patch
new file mode 100644
index 0000000000..b02a2169a6
--- /dev/null
+++ b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2022-4743.patch
@@ -0,0 +1,38 @@
+From 00b67f55727bc0944c3266e2b875440da132ce4b Mon Sep 17 00:00:00 2001
+From: zhailiangliang <zhailiangliang@loongson.cn>
+Date: Wed, 21 Sep 2022 10:30:38 +0800
+Subject: [PATCH] Fix potential memory leak in GLES_CreateTexture
+CVE: CVE-2022-4743
+Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b.patch]
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ src/render/opengles/SDL_render_gles.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+diff --git a/src/render/opengles/SDL_render_gles.c b/src/render/opengles/SDL_render_gles.c
+index a5fbab309eda..ba08a46e2805 100644
+--- a/src/render/opengles/SDL_render_gles.c
+++ b/src/render/opengles/SDL_render_gles.c
+@@ -359,6 +359,9 @@ GLES_CreateTexture(SDL_Renderer * renderer, SDL_Texture * texture)
+     renderdata->glGenTextures(1, &data->texture);
+     result = renderdata->glGetError();
+     if (result != GL_NO_ERROR) {
+        if (texture->access == SDL_TEXTUREACCESS_STREAMING) {
+            SDL_free(data->pixels);
+        }
+         SDL_free(data);
+         return GLES_SetError("glGenTextures()", result);
+     }
+@@ -387,6 +390,9 @@ GLES_CreateTexture(SDL_Renderer * renderer, SDL_Texture * texture)
+ 
+     result = renderdata->glGetError();
+     if (result != GL_NO_ERROR) {
+        if (texture->access == SDL_TEXTUREACCESS_STREAMING) {
+            SDL_free(data->pixels);
+        }
+         SDL_free(data);
+         return GLES_SetError("glTexImage2D()", result);
+     }
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
index 44d36fca22..fa29bc99ac 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
@@ -22,6 +22,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
           file://directfb-renderfillrect-fix.patch \
           file://CVE-2020-14409-14410.patch \
           file://CVE-2021-33657.patch \
+           file://CVE-2022-4743.patch \
 "
 S = "${WORKDIR}/SDL2-${PV}"
author	Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>	2023-02-02 19:43:27 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-02-13 07:44:09 +0000
commit	4f6333a564f9ee3c789ce7476e4a9b6eb357d9a7 (patch)
tree	9d056545d16196522c238086af0365aaedc81029
parent	262f47eff8e72ddaf34264b8fd78d669c7d6157d (diff)
download	poky-4f6333a564f9ee3c789ce7476e4a9b6eb357d9a7.tar.gz

diff --git a/meta/recipes-graphics/libsdl2/libsdl2/CVE-2022-4743.patch b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2022-4743.patch new file mode 100644 index 0000000000..b02a2169a6 --- /dev/null +++ b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2022-4743.patch
@@ -0,0 +1,38 @@
		1	From 00b67f55727bc0944c3266e2b875440da132ce4b Mon Sep 17 00:00:00 2001
		2	From: zhailiangliang <zhailiangliang@loongson.cn>
		3	Date: Wed, 21 Sep 2022 10:30:38 +0800
		4	Subject: [PATCH] Fix potential memory leak in GLES_CreateTexture
		5
		6
		7	CVE: CVE-2022-4743
		8	Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b.patch]
		9	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
		10
		11	---
		12	src/render/opengles/SDL_render_gles.c \| 6 ++++++
		13	1 file changed, 6 insertions(+)
		14
		15	diff --git a/src/render/opengles/SDL_render_gles.c b/src/render/opengles/SDL_render_gles.c
		16	index a5fbab309eda..ba08a46e2805 100644
		17	--- a/src/render/opengles/SDL_render_gles.c
		18	+++ b/src/render/opengles/SDL_render_gles.c
		19	@@ -359,6 +359,9 @@ GLES_CreateTexture(SDL_Renderer * renderer, SDL_Texture * texture)
		20	renderdata->glGenTextures(1, &data->texture);
		21	result = renderdata->glGetError();
		22	if (result != GL_NO_ERROR) {
		23	+ if (texture->access == SDL_TEXTUREACCESS_STREAMING) {
		24	+ SDL_free(data->pixels);
		25	+ }
		26	SDL_free(data);
		27	return GLES_SetError("glGenTextures()", result);
		28	}
		29	@@ -387,6 +390,9 @@ GLES_CreateTexture(SDL_Renderer * renderer, SDL_Texture * texture)
		30
		31	result = renderdata->glGetError();
		32	if (result != GL_NO_ERROR) {
		33	+ if (texture->access == SDL_TEXTUREACCESS_STREAMING) {
		34	+ SDL_free(data->pixels);
		35	+ }
		36	SDL_free(data);
		37	return GLES_SetError("glTexImage2D()", result);
		38	}


diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb index 44d36fca22..fa29bc99ac 100644 --- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb +++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
@@ -22,6 +22,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
22	file://directfb-renderfillrect-fix.patch \	22	file://directfb-renderfillrect-fix.patch \
23	file://CVE-2020-14409-14410.patch \	23	file://CVE-2020-14409-14410.patch \
24	file://CVE-2021-33657.patch \	24	file://CVE-2021-33657.patch \
		25	file://CVE-2022-4743.patch \
25	"	26	"
26		27
27	S = "${WORKDIR}/SDL2-${PV}"	28	S = "${WORKDIR}/SDL2-${PV}"