File: CVE-2017-14441.patch

package info (click to toggle)
sdl-image1.2 1.2.12-14
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 7,028 kB
  • sloc: sh: 10,194; ansic: 9,697; objc: 248; csh: 219; makefile: 83
file content (29 lines) | stat: -rw-r--r-- 1,015 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
From: "Ryan C. Gordon" <icculus@icculus.org>
Date: Wed, 24 Jan 2018 13:02:04 -0500
Subject: ico: reject obviously incorrect image sizes.

Bug: https://security-tracker.debian.org/tracker/CVE-2017-14441
Origin: upstream, 2.0.3, commit:a1e9b624ca10, commit:https://github.com/libsdl-org/SDL_image/commit/da6a5c54fdc0c926ab1233ae4792a1703c83e810
---
 IMG_bmp.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/IMG_bmp.c b/IMG_bmp.c
index b3c7580..60ba1a5 100644
--- a/IMG_bmp.c
+++ b/IMG_bmp.c
@@ -662,6 +662,14 @@ LoadICOCUR_RW(SDL_RWops * src, int type, int freesrc)
         goto done;
     }
 
+    /* sanity check image size, so we don't overflow integers, etc. */
+    if ((biWidth < 0) || (biWidth > 0xFFFFFF) ||
+        (biHeight < 0) || (biHeight > 0xFFFFFF)) {
+        IMG_SetError("Unsupported or invalid ICO dimensions");
+        was_error = SDL_TRUE;
+        goto done;
+    }
+
     /* Create a RGBA surface */
     biHeight = biHeight >> 1;
     //printf("%d x %d\n", biWidth, biHeight);