libsdl2: fix CVE-2019-13616

Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-13616 Patch from: https://hg.libsdl.org/SDL/rev/e7ba650a643a (From OE-Core rev: 70b9cdf86b9c5ed14937500619387a890a57ef20) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Yi Zhao <yi.zhao@windriver.com> 2019-10-14 14:43:15 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-10-19 23:18:33 +0100
commit: 3bdce139ffc9a79018ff4f4584e719dc5d8a2cea (patch)
tree: 0fd3811f5b6c26d394e317a0e6e03e98ca244442 /meta/recipes-graphics
parent: 4bdf118a743cb268cadbcb24187f9ab979fd05a7 (diff)
download: poky-3bdce139ffc9a79018ff4f4584e719dc5d8a2cea.tar.gz
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch b/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch
new file mode 100644
index 0000000000..674decccbb
--- /dev/null
+++ b/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch
@@ -0,0 +1,34 @@
+From 85138c1ec673e05263ae666baf61f79384daf7e0 Mon Sep 17 00:00:00 2001
+From: Sam Lantinga <slouken@libsdl.org>
+Date: Tue, 30 Jul 2019 11:00:00 -0700
+Subject: [PATCH] Fixed bug 4538 - validate image size when loading BMP files
+Upstream-Status: Backport
+[https://hg.libsdl.org/SDL/rev/e7ba650a643a]
+CVE: CVE-2019-13616
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/video/SDL_bmp.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c
+index 0b68918..a06b0c9 100644
+--- a/src/video/SDL_bmp.c
+++ b/src/video/SDL_bmp.c
+@@ -226,6 +226,11 @@ SDL_LoadBMP_RW(SDL_RWops * src, int freesrc)
+             SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
+         }
+     }
+    if (biWidth <= 0 || biHeight == 0) {
+        SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
+        was_error = SDL_TRUE;
+        goto done;
+    }
+     if (biHeight < 0) {
+         topDown = SDL_TRUE;
+         biHeight = -biHeight;
+-- 
+2.7.4
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
index 3a0654b866..cdc8650e17 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
@@ -14,6 +14,7 @@ PROVIDES = "virtual/libsdl2"
 SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
           file://more-gen-depends.patch \
+           file://0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch \
 "
 S = "${WORKDIR}/SDL2-${PV}"
author	Yi Zhao <yi.zhao@windriver.com>	2019-10-14 14:43:15 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-19 23:18:33 +0100
commit	3bdce139ffc9a79018ff4f4584e719dc5d8a2cea (patch)
tree	0fd3811f5b6c26d394e317a0e6e03e98ca244442 /meta/recipes-graphics
parent	4bdf118a743cb268cadbcb24187f9ab979fd05a7 (diff)
download	poky-3bdce139ffc9a79018ff4f4584e719dc5d8a2cea.tar.gz

diff --git a/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch b/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch new file mode 100644 index 0000000000..674decccbb --- /dev/null +++ b/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch
@@ -0,0 +1,34 @@
		1	From 85138c1ec673e05263ae666baf61f79384daf7e0 Mon Sep 17 00:00:00 2001
		2	From: Sam Lantinga <slouken@libsdl.org>
		3	Date: Tue, 30 Jul 2019 11:00:00 -0700
		4	Subject: [PATCH] Fixed bug 4538 - validate image size when loading BMP files
		5
		6	Upstream-Status: Backport
		7	[https://hg.libsdl.org/SDL/rev/e7ba650a643a]
		8
		9	CVE: CVE-2019-13616
		10
		11	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		12	---
		13	src/video/SDL_bmp.c \| 5 +++++
		14	1 file changed, 5 insertions(+)
		15
		16	diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c
		17	index 0b68918..a06b0c9 100644
		18	--- a/src/video/SDL_bmp.c
		19	+++ b/src/video/SDL_bmp.c
		20	@@ -226,6 +226,11 @@ SDL_LoadBMP_RW(SDL_RWops * src, int freesrc)
		21	SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
		22	}
		23	}
		24	+ if (biWidth <= 0 \|\| biHeight == 0) {
		25	+ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
		26	+ was_error = SDL_TRUE;
		27	+ goto done;
		28	+ }
		29	if (biHeight < 0) {
		30	topDown = SDL_TRUE;
		31	biHeight = -biHeight;
		32	--
		33	2.7.4
		34


diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb index 3a0654b866..cdc8650e17 100644 --- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb +++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
@@ -14,6 +14,7 @@ PROVIDES = "virtual/libsdl2"
14		14
15	SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \	15	SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
16	file://more-gen-depends.patch \	16	file://more-gen-depends.patch \
		17	file://0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch \
17	"	18	"
18		19
19	S = "${WORKDIR}/SDL2-${PV}"	20	S = "${WORKDIR}/SDL2-${PV}"