rpms/SDL2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix potential overflow in surface allocation

Browse Source 
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
This commit is contained in:
Igor Gnatenko 2017-10-11 15:11:05 +02:00
parent 55efd55e4b
commit 665065a766
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
SDL2-2.0.6-CVE-2017-2888.patch Normal file
View File

@ -0,0 +1,28 @@
# HG changeset patch
# User Sam Lantinga <slouken@libsdl.org>
# Date 1507331870 25200
# Fri Oct 06 16:17:50 2017 -0700
# Node ID 7e0f1498ddb549a338a220534875529ef0ba55ce
# Parent dc7245e3d1f2ae032caa7776940af4aebe6afc05
Fixed potential overflow in surface allocation (thanks Yves!)
diff -r dc7245e3d1f2 -r 7e0f1498ddb5 src/video/SDL_surface.c
--- a/src/video/SDL_surface.c Thu Oct 05 09:37:28 2017 -0700
+++ b/src/video/SDL_surface.c Fri Oct 06 16:17:50 2017 -0700
@@ -80,7 +80,15 @@
/* Get the pixels */
if (surface->w && surface->h) {
- surface->pixels = SDL_malloc(surface->h * surface->pitch);
+ int size = (surface->h * surface->pitch);
+ if (size < 0 || (size / surface->pitch) != surface->h) {
+ /* Overflow... */
+ SDL_FreeSurface(surface);
+ SDL_OutOfMemory();
+ return NULL;
+ }
+
+ surface->pixels = SDL_malloc(size);
if (!surface->pixels) {
SDL_FreeSurface(surface);
SDL_OutOfMemory();

7
SDL2.spec
View File

@ -1,6 +1,6 @@
Name: SDL2 Name: SDL2
Version: 2.0.6 Version: 2.0.6
Release: 2%{?dist} Release: 3%{?dist}
Summary: A cross-platform multimedia library Summary: A cross-platform multimedia library
License: zlib and MIT License: zlib and MIT
@ -13,6 +13,8 @@ Patch0: multilib.patch
# https://bugzilla.libsdl.org/show_bug.cgi?id=3854 # https://bugzilla.libsdl.org/show_bug.cgi?id=3854
# https://hg.libsdl.org/SDL/rev/dc7245e3d1f2 # https://hg.libsdl.org/SDL/rev/dc7245e3d1f2
Patch1: SDL2-2.0.6-invalid-dbus-args.patch Patch1: SDL2-2.0.6-invalid-dbus-args.patch
# https://hg.libsdl.org/SDL/rev/7e0f1498ddb5
Patch2: SDL2-2.0.6-CVE-2017-2888.patch
BuildRequires: alsa-lib-devel BuildRequires: alsa-lib-devel
BuildRequires: audiofile-devel BuildRequires: audiofile-devel
@ -129,6 +131,9 @@ rm -vf %{buildroot}%{_libdir}/*.la
%{_libdir}/lib*.a %{_libdir}/lib*.a
%changelog %changelog
* Wed Oct 11 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.0.6-3
- Fix potential overflow in surface allocation
* Thu Oct 05 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.0.6-2 * Thu Oct 05 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.0.6-2
- Fix invalid dbus arguments - Fix invalid dbus arguments