Commit 258d45e7 authored by Leo's avatar Leo

main/sdl_image: fix CVE-2019-13616

ref #10878
parent 85b36404
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=sdl_image
pkgver=1.2.12
pkgrel=4
pkgrel=5
pkgdesc="A simple library to load images of various formats as SDL surfaces"
url="http://www.libsdl.org/projects/SDL_image/"
arch="all"
......@@ -12,7 +12,13 @@ depends=""
makedepends="sdl-dev libpng-dev libjpeg-turbo-dev libwebp-dev tiff-dev zlib-dev"
install=""
subpackages="$pkgname-dev"
source="https://www.libsdl.org/projects/SDL_image/release/SDL_image-${pkgver}.tar.gz"
source="https://www.libsdl.org/projects/SDL_image/release/SDL_image-${pkgver}.tar.gz
CVE-2019-13616.patch
"
# secfixes:
# 1.2.12-r5:
# - CVE-2019-13616
builddir="$srcdir"/SDL_image-$pkgver
prepare() {
......@@ -38,4 +44,5 @@ package() {
make DESTDIR="$pkgdir" install
}
sha512sums="0e71b280abc2a7f15755e4480a3c1b52d41f9f8b0c9216a6f5bd9fc0e939456fb5d6c10419e1d1904785783f9a1891ead278c03e88b0466fecc6871c3ca40136 SDL_image-1.2.12.tar.gz"
sha512sums="0e71b280abc2a7f15755e4480a3c1b52d41f9f8b0c9216a6f5bd9fc0e939456fb5d6c10419e1d1904785783f9a1891ead278c03e88b0466fecc6871c3ca40136 SDL_image-1.2.12.tar.gz
0ae144202435ad35e5ff6ae6b73592cd8ef68dba2704e09ba22f2b9e9d98f547f2ead28327be0594897f2165d2bf5c26f07e8ef72760527e8d9e4e593e8e5f60 CVE-2019-13616.patch"
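Review bot: Nothing visible in these hunks shows that CVE-2019-13616.patch is actually applied during the build. The file is added to `source` and `sha512sums`, but `prepare()` is overridden in this APKBUILD and its body lies outside the hunks. If that override neither calls `default_prepare` nor applies the patches itself, the package would be published as r5 and listed under `secfixes` while still shipping the unpatched BMP loader. Please confirm that `prepare()` begins with `default_prepare`, or add that line.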
diff --git a/IMG_bmp.c b/IMG_bmp.c
index b3c7580..bfadd45 100644
--- a/IMG_bmp.c
+++ b/IMG_bmp.c
@@ -272,6 +272,11 @@ static SDL_Surface *LoadBMP_RW (SDL_RWops *src, int freesrc)
biClrUsed = SDL_ReadLE32(src);
biClrImportant = SDL_ReadLE32(src);
}
+ if (biWidth <= 0 || biHeight == 0) {
+ IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
+ was_error = SDL_TRUE;
+ goto done;
+ }
if (biHeight < 0) {
topDown = SDL_TRUE;
biHeight = -biHeight;
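Review bot: The added check rejects a zero height and a non-positive width, but it still lets the most negative height through to the `biHeight = -biHeight;` that follows. If biHeight is a signed 32-bit value (the `%d` in the error message suggests so, but the declaration is outside the hunk), that negation overflows, which is undefined behaviour, and the value can stay negative. Rejecting it in the same guard would close this, e.g. `if (biWidth <= 0 || biHeight == 0 || biHeight < -0x7FFFFFFF) {`. The check also sets no upper bound on either dimension, so any later size arithmetic on width and height depends on limits enforced elsewhere in LoadBMP_RW, which starts and ends outside this hunk.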