1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
From: Ozkan Sezer <sezeroz@gmail.com>
Date: Tue, 30 Jul 2019 21:29:15 +0300
Subject: Fixed bug 4538 - validate image size when loading BMP files
Bug: https://security-tracker.debian.org/tracker/CVE-2019-13616
Origin: upstream, https://github.com/libsdl-org/SDL_image/commit/e12c931e5bb260821ac7f11833eb627331779dcf
---
IMG_bmp.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/IMG_bmp.c b/IMG_bmp.c
index e4a394d..a324099 100644
--- a/IMG_bmp.c
+++ b/IMG_bmp.c
@@ -272,6 +272,11 @@ static SDL_Surface *LoadBMP_RW (SDL_RWops *src, int freesrc)
biClrUsed = SDL_ReadLE32(src);
biClrImportant = SDL_ReadLE32(src);
}
+ if (biWidth <= 0 || biHeight == 0) {
+ IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
+ was_error = SDL_TRUE;
+ goto done;
+ }
if (biHeight < 0) {
topDown = SDL_TRUE;
biHeight = -biHeight;
|
