diff options
Diffstat (limited to 'libre/sdl/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch')
-rw-r--r-- | libre/sdl/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/libre/sdl/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch b/libre/sdl/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch new file mode 100644 index 000000000..13fa7860e --- /dev/null +++ b/libre/sdl/SDL-1.2.15-CVE-2019-13616-validate_image_size_when_loading_BMP_files.patch @@ -0,0 +1,23 @@ +changeset: 12960:ad1bbfbca760 +branch: SDL-1.2 +parent: 12914:87d60cae0273 +user: Ozkan Sezer <sezeroz@gmail.com> +date: Tue Jul 30 21:30:24 2019 +0300 +summary: Fixed bug 4538 - validate image size when loading BMP files + +diff -r 87d60cae0273 -r ad1bbfbca760 src/video/SDL_bmp.c +--- a/src/video/SDL_bmp.c Tue Jun 18 23:31:40 2019 +0100 ++++ b/src/video/SDL_bmp.c Tue Jul 30 21:30:24 2019 +0300 +@@ -143,6 +143,11 @@ + (void) biYPelsPerMeter; + (void) biClrImportant; + ++ if (biWidth <= 0 || biHeight == 0) { ++ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight); ++ was_error = SDL_TRUE; ++ goto done; ++ } + if (biHeight < 0) { + topDown = SDL_TRUE; + biHeight = -biHeight; + |