From: =?utf-8?b?UGV0ciBQw61zYcWZ?= <ppisar@redhat.com>
Date: Sat, 16 Mar 2019 18:35:11 -0700
Subject: Reject 2, 3, 5, 6, 7-bpp BMP images
BMP decoder assumes less than 8 bit depth images have 1 or 4 bits
per pixel. No other depths are correctly translated to an 8bpp
surface.
This patch rejects loading these images.
Bug: https://bugzilla.libsdl.org/show_bug.cgi?id=4498
Bug: https://github.com/libsdl-org/SDL/issues/3160
Bug-CVE: CVE-2019-7635
Origin: upstream, commit:https://github.com/libsdl-org/SDL-1.2/commit/4291cd0e9456cb8037867d9023ec7420f0feea65
---
src/video/SDL_bmp.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c
index 3accded..da4e4ab 100644
--- a/src/video/SDL_bmp.c
+++ b/src/video/SDL_bmp.c
@@ -163,6 +163,14 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops *src, int freesrc)
ExpandBMP = biBitCount;
biBitCount = 8;
break;
+ case 2:
+ case 3:
+ case 5:
+ case 6:
+ case 7:
+ SDL_SetError("%d-bpp BMP images are not supported", biBitCount);
+ was_error = SDL_TRUE;
+ goto done;
default:
ExpandBMP = 0;
break;
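Review bot: The new cases in the switch on biBitCount form a denylist (2, 3, 5, 6, 7), while the default branch still sets ExpandBMP = 0 and continues, so any other unexpected biBitCount value (0, or 9 through 15, for example) passes this switch unchecked. Consider turning it into an allowlist: keep explicit cases only for the depths the decoder handles and move the SDL_SetError / was_error = SDL_TRUE / goto done path into default, so a depth nobody enumerated fails closed. A one-line comment above the new cases stating why they are rejected (only 1 and 4 bpp are expanded to an 8bpp surface) would also help the next reader.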