mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-21 03:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

libsdl2: Add fix for CVE-2021-33657

Browse Source 
Add patch to fix CVE-2021-33657 issue for libsdl2
Link: https://security-tracker.debian.org/tracker/CVE-2021-33657

(From OE-Core rev: 1cc84e4c51c9afaa5dcb5011e6511496e00d2c8a)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Ranjitsinh Rathod
2022-05-30 12:45:29 +05:30
committed by Richard Purdie
parent d6941efc0b
commit f0d18846de
2 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch Normal file
View File

@@ -0,0 +1,38 @@
From 8c91cf7dba5193f5ce12d06db1336515851c9ee9 Mon Sep 17 00:00:00 2001
From: Sam Lantinga <slouken@libsdl.org>
Date: Tue, 30 Nov 2021 12:36:46 -0800
Subject: [PATCH] Always create a full 256-entry map in case color values are
out of range
Fixes https://github.com/libsdl-org/SDL/issues/5042
CVE: CVE-2021-33657
Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9.patch]
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
---
src/video/SDL_pixels.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/video/SDL_pixels.c b/src/video/SDL_pixels.c
index ac04533c5d5..9bb02f771d0 100644
--- a/src/video/SDL_pixels.c
+++ b/src/video/SDL_pixels.c
@@ -947,7 +947,7 @@ Map1to1(SDL_Palette * src, SDL_Palette * dst, int *identical)
}
*identical = 0;
}
- map = (Uint8 *) SDL_malloc(src->ncolors);
+ map = (Uint8 *) SDL_calloc(256, sizeof(Uint8));
if (map == NULL) {
SDL_OutOfMemory();
return (NULL);
@@ -971,7 +971,7 @@ Map1toN(SDL_PixelFormat * src, Uint8 Rmod, Uint8 Gmod, Uint8 Bmod, Uint8 Amod,
SDL_Palette *pal = src->palette;
bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel);
- map = (Uint8 *) SDL_malloc(pal->ncolors * bpp);
+ map = (Uint8 *) SDL_calloc(256, bpp);
if (map == NULL) {
SDL_OutOfMemory();
return (NULL);

1
meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
View File

@@ -21,6 +21,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
file://directfb-spurious-curly-brace-missing-e.patch \
file://directfb-renderfillrect-fix.patch \
file://CVE-2020-14409-14410.patch \
file://CVE-2021-33657.patch \
"
S = "${WORKDIR}/SDL2-${PV}"