Package: sdl-image1.2 / 1.2.12-12

CVE-2019-5058.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Description: Fixed TALOS-2019-0842 - XCF Image Code Execution Vulnerability
 This patch addresses a bug in a previous security patch for CVE-2018-3977.
 The initial patch failing to address this issue, the bug was "re-discovered"
 later and addressed CVE-2019-5058.
Author: Sam Lantinga <slouken@libsdl.org>
Origin: upstream, https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10
--- a/IMG_xcf.c	2019-08-08 15:28:56.008856406 +0200
+++ b/IMG_xcf.c	2019-08-08 15:29:17.322145207 +0200
@@ -634,7 +634,7 @@
       p16 = (Uint16 *) p8;
       p   = (Uint32 *) p8;
       for (y=ty; y < ty+oy; y++) {
-	if ((ty >= surface->h) || ((tx+ox) > surface->w)) {
+	if ((y >= surface->h) || ((tx+ox) > surface->w)) {
 		break;
 	}
 	row = (Uint32 *)((Uint8 *)surface->pixels + y*surface->pitch + tx*4);