File: CVE-2019-5058.patch

package info (click to toggle)

sdl-image1.2 1.2.12-14

links: PTS, VCS
area: main
in suites: forky, sid, trixie
size: 7,028 kB
sloc: sh: 10,194; ansic: 9,697; objc: 248; csh: 219; makefile: 83

file content (27 lines) | stat: -rw-r--r-- 1,095 bytes

From: Sam Lantinga <slouken@libsdl.org>
Date: Mon, 10 Jun 2019 17:24:08 -0700
Subject: Fixed TALOS-2019-0842 - XCF Image Code Execution Vulnerability

This patch addresses a bug in a previous security patch for CVE-2018-3977.
The initial patch failing to address this issue, the bug was "re-discovered"
later and addressed CVE-2019-5058.

Bug: https://security-tracker.debian.org/tracker/CVE-2019-5058
Origin: upstream, 2.0.5, commit:b1a80aec2b10, commit:https://github.com/libsdl-org/SDL_image/commit/0c1db6f7bcf62feb897bc639976d118d2f3fa51b
---
 IMG_xcf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/IMG_xcf.c b/IMG_xcf.c
index 93b6929..e26f66d 100644
--- a/IMG_xcf.c
+++ b/IMG_xcf.c
@@ -634,7 +634,7 @@ static int do_layer_surface (SDL_Surface * surface, SDL_RWops * src, xcf_header
       p16 = (Uint16 *) p8;
       p   = (Uint32 *) p8;
       for (y=ty; y < ty+oy; y++) {
-	if ((ty >= surface->h) || ((tx+ox) > surface->w)) {
+	if ((y >= surface->h) || ((tx+ox) > surface->w)) {
 		break;
 	}
 	row = (Uint32 *)((Uint8 *)surface->pixels + y*surface->pitch + tx*4);