File: CVE-2017-14440.patch

package info (click to toggle)
sdl-image1.2 1.2.12-14
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 7,028 kB
  • sloc: sh: 10,194; ansic: 9,697; objc: 248; csh: 219; makefile: 83
file content (26 lines) | stat: -rw-r--r-- 831 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
From: "Ryan C. Gordon" <icculus@icculus.org>
Date: Wed, 24 Jan 2018 12:00:24 -0500
Subject: lbm: Don't overflow static colormap buffer.

Bug: https://security-tracker.debian.org/tracker/CVE-2017-14440
Origin: upstream, 2.0.3, commit:bfa08dc02b3c, commit:https://github.com/libsdl-org/SDL_image/commit/1559b5ce67e25c8de65f0d4af020c1ec50cb7b85
---
 IMG_lbm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/IMG_lbm.c b/IMG_lbm.c
index c19fe9f..cf70b53 100644
--- a/IMG_lbm.c
+++ b/IMG_lbm.c
@@ -187,6 +187,11 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *src )
 
 		if ( !memcmp( id, "CMAP", 4 ) ) /* palette ( Color Map ) */
 		{
+			if (size > sizeof (colormap)) {
+				error="colormap size is too large";
+				goto done;
+			}
+
 			if ( !SDL_RWread( src, &colormap, size, 1 ) )
 			{
 				error="error reading CMAP chunk";