File: CVE-2019-5052.patch

package info (click to toggle)
sdl-image1.2 1.2.12-14
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 7,028 kB
  • sloc: sh: 10,194; ansic: 9,697; objc: 248; csh: 219; makefile: 83
file content (23 lines) | stat: -rw-r--r-- 734 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
From: Sam Lantinga <slouken@libsdl.org>
Date: Mon, 10 Jun 2019 13:12:46 -0700
Subject: Fixed TALOS-2019-0821,
 reading invalid data from the file when bpl is -1

Origin: upstream, 2.0.5, commit:b920be2b3fc6, commit:https://github.com/libsdl-org/SDL_image/commit/802a9ecaad2cebb18223ba69d6570069725c6a0d
---
 IMG_pcx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/IMG_pcx.c b/IMG_pcx.c
index 424810c..0116f17 100644
--- a/IMG_pcx.c
+++ b/IMG_pcx.c
@@ -148,7 +148,7 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *src)
 		goto done;
 
 	bpl = pcxh.NPlanes * pcxh.BytesPerLine;
-	if (bpl > surface->pitch) {
+	if (bpl < 0 || bpl > surface->pitch) {
 		error = "bytes per line is too large (corrupt?)";
 		goto done;
 	}