diff options
| author | Yi Zhao <yi.zhao@windriver.com> | 2019-10-14 14:43:15 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-10-19 23:18:33 +0100 |
| commit | 3bdce139ffc9a79018ff4f4584e719dc5d8a2cea (patch) | |
| tree | 0fd3811f5b6c26d394e317a0e6e03e98ca244442 /meta/recipes-graphics | |
| parent | 4bdf118a743cb268cadbcb24187f9ab979fd05a7 (diff) | |
| download | poky-3bdce139ffc9a79018ff4f4584e719dc5d8a2cea.tar.gz | |
libsdl2: fix CVE-2019-13616
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-13616
Patch from:
https://hg.libsdl.org/SDL/rev/e7ba650a643a
(From OE-Core rev: 70b9cdf86b9c5ed14937500619387a890a57ef20)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics')
| -rw-r--r-- | meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch | 34 | ||||
| -rw-r--r-- | meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch b/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch new file mode 100644 index 0000000000..674decccbb --- /dev/null +++ b/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | From 85138c1ec673e05263ae666baf61f79384daf7e0 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Sam Lantinga <slouken@libsdl.org> | ||
| 3 | Date: Tue, 30 Jul 2019 11:00:00 -0700 | ||
| 4 | Subject: [PATCH] Fixed bug 4538 - validate image size when loading BMP files | ||
| 5 | |||
| 6 | Upstream-Status: Backport | ||
| 7 | [https://hg.libsdl.org/SDL/rev/e7ba650a643a] | ||
| 8 | |||
| 9 | CVE: CVE-2019-13616 | ||
| 10 | |||
| 11 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
| 12 | --- | ||
| 13 | src/video/SDL_bmp.c | 5 +++++ | ||
| 14 | 1 file changed, 5 insertions(+) | ||
| 15 | |||
| 16 | diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c | ||
| 17 | index 0b68918..a06b0c9 100644 | ||
| 18 | --- a/src/video/SDL_bmp.c | ||
| 19 | +++ b/src/video/SDL_bmp.c | ||
| 20 | @@ -226,6 +226,11 @@ SDL_LoadBMP_RW(SDL_RWops * src, int freesrc) | ||
| 21 | SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR); | ||
| 22 | } | ||
| 23 | } | ||
| 24 | + if (biWidth <= 0 || biHeight == 0) { | ||
| 25 | + SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight); | ||
| 26 | + was_error = SDL_TRUE; | ||
| 27 | + goto done; | ||
| 28 | + } | ||
| 29 | if (biHeight < 0) { | ||
| 30 | topDown = SDL_TRUE; | ||
| 31 | biHeight = -biHeight; | ||
| 32 | -- | ||
| 33 | 2.7.4 | ||
| 34 | |||
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb index 3a0654b866..cdc8650e17 100644 --- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb +++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb | |||
| @@ -14,6 +14,7 @@ PROVIDES = "virtual/libsdl2" | |||
| 14 | 14 | ||
| 15 | SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \ | 15 | SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \ |
| 16 | file://more-gen-depends.patch \ | 16 | file://more-gen-depends.patch \ |
| 17 | file://0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch \ | ||
| 17 | " | 18 | " |
| 18 | 19 | ||
| 19 | S = "${WORKDIR}/SDL2-${PV}" | 20 | S = "${WORKDIR}/SDL2-${PV}" |