Package: sdl-image1.2 / 1.2.12-12

CVE-2017-2887.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# HG changeset patch
# User Sam Lantinga <slouken@libsdl.org>
# Date 1507329619 25200
# Node ID 318484db0705d07d4d1f4c0a1d3d5ea69f6ba2b0
# Parent  7ad06019831d474380fd5a63e518d21219031519
Fixed security vulnerability in XCF image loader (thanks Yves!)

diff -r 7ad06019831d -r 318484db0705 IMG_xcf.c
--- a/IMG_xcf.c	Mon Sep 18 16:10:17 2017 -0700
+++ b/IMG_xcf.c	Fri Oct 06 15:40:19 2017 -0700
@@ -251,6 +251,7 @@
 }
 
 static void xcf_read_property (SDL_RWops * src, xcf_prop * prop) {
+  Uint32 len;
   prop->id = SDL_ReadBE32 (src);
   prop->length = SDL_ReadBE32 (src);
 
@@ -274,7 +275,12 @@
     break;
   case PROP_COMPRESSION:
   case PROP_COLOR:
-    SDL_RWread (src, &prop->data, prop->length, 1);
+    if (prop->length > sizeof(prop->data)) {
+        len = sizeof(prop->data);
+    } else {
+        len = prop->length;
+    }
+    SDL_RWread(src, &prop->data, len, 1);
     break;
   case PROP_VISIBLE:
     prop->data.visible = SDL_ReadBE32 (src);