1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
From: Sam Lantinga <slouken@libsdl.org>
Date: Tue, 30 Nov 2021 12:36:46 -0800
Subject: Always create a full 256-entry map in case color values are out of
range
Bug: https://github.com/libsdl-org/SDL/issues/5042
Bug-CVE: CVE-2021-33657
Bug-Debian: https://bugs.debian.org/1014577
Origin: upstream, 2.0.20, commit:8c91cf7dba5193f5ce12d06db1336515851c9ee9
---
src/video/SDL_pixels.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/video/SDL_pixels.c b/src/video/SDL_pixels.c
index 17f1a71..38de650 100644
--- a/src/video/SDL_pixels.c
+++ b/src/video/SDL_pixels.c
@@ -477,7 +477,7 @@ static Uint8 *Map1to1(SDL_Palette *src, SDL_Palette *dst, int *identical)
}
*identical = 0;
}
- map = (Uint8 *)SDL_malloc(src->ncolors);
+ map = (Uint8 *)SDL_calloc(256, sizeof(Uint8));
if ( map == NULL ) {
SDL_OutOfMemory();
return(NULL);
@@ -498,7 +498,7 @@ static Uint8 *Map1toN(SDL_PixelFormat *src, SDL_PixelFormat *dst)
SDL_Palette *pal = src->palette;
bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel);
- map = (Uint8 *)SDL_malloc(pal->ncolors*bpp);
+ map = (Uint8 *)SDL_calloc(256, bpp);
if ( map == NULL ) {
SDL_OutOfMemory();
return(NULL);
|
