File: CVE-2017-14442.patch

package info (click to toggle)
libsdl2-image 2.0.0%2Bdfsg-3%2Bdeb8u1
  • links: PTS, VCS
  • area: main
  • in suites: jessie
  • size: 2,140 kB
  • sloc: sh: 10,011; ansic: 9,550; makefile: 89
file content (22 lines) | stat: -rw-r--r-- 803 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
# HG changeset patch
# User Ryan C. Gordon <icculus@icculus.org>
# Date 1516817527 18000
# Node ID 37445f6180a8ca7a218ab9f9eaaeaf088b4f6c3a
# Parent  a1e9b624ca1033f893e93691802682bf36400f7a
bmp: don't overflow palette buffer with bogus biClrUsed values.

diff -r a1e9b624ca10 -r 37445f6180a8 IMG_bmp.c
--- a/IMG_bmp.c	Wed Jan 24 13:02:04 2018 -0500
+++ b/IMG_bmp.c	Wed Jan 24 13:12:07 2018 -0500
@@ -760,6 +760,11 @@
         if (biClrUsed == 0) {
             biClrUsed = 1 << biBitCount;
         }
+        if (biClrUsed > SDL_arraysize(palette)) {
+            IMG_SetError("Unsupported or incorrect biClrUsed field");
+            was_error = SDL_TRUE;
+            goto done;
+        }
         for (i = 0; i < (int) biClrUsed; ++i) {
             SDL_RWread(src, &palette[i], 4, 1);
         }