[Pkg-sdl-commits] [libsdl2] 01/03: Fix CVE-2017-2888: Integer overflow while creating a new RGB surface.
Felix Geyer
fgeyer at moszumanska.debian.org
Thu Oct 12 17:26:12 UTC 2017
This is an automated email from the git hooks/post-receive script.
fgeyer pushed a commit to branch master
in repository libsdl2.
commit 66a3342316cc00013ce7e9c05653e2cd72a70abb
Author: Felix Geyer <fgeyer at debian.org>
Date: Thu Oct 12 18:27:10 2017 +0200
Fix CVE-2017-2888: Integer overflow while creating a new RGB surface.
* Fix CVE-2017-2888: Integer overflow while creating a new RGB surface.
- Add d/patches/CVE-2017-2888.patch
- Closes: #878264
---
debian/changelog | 8 +++++++-
debian/patches/CVE-2017-2888.patch | 28 ++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 83f8d75..b724036 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,16 @@
-libsdl2 (2.0.6+dfsg1-3) UNRELEASED; urgency=medium
+libsdl2 (2.0.6+dfsg1-3) UNRELEASED; urgency=high
+ [ Gianfranco Costamagna ]
* debian/patches/dc7245e3d1f2.patch:
- backport upstream fix for dbus error.
LP: #1721907
thanks LGB [Gábor Lénárt] (lgb) for the report!
+ [ Felix Geyer ]
+ * Fix CVE-2017-2888: Integer overflow while creating a new RGB surface.
+ - Add d/patches/CVE-2017-2888.patch
+ - Closes: #878264
+
-- Gianfranco Costamagna <locutusofborg at debian.org> Sat, 07 Oct 2017 09:33:15 +0200
libsdl2 (2.0.6+dfsg1-2) unstable; urgency=medium
diff --git a/debian/patches/CVE-2017-2888.patch b/debian/patches/CVE-2017-2888.patch
new file mode 100644
index 0000000..083e045
--- /dev/null
+++ b/debian/patches/CVE-2017-2888.patch
@@ -0,0 +1,28 @@
+# HG changeset patch
+# User Sam Lantinga <slouken at libsdl.org>
+# Date 1507331870 25200
+# Node ID 7e0f1498ddb549a338a220534875529ef0ba55ce
+# Parent dc7245e3d1f2ae032caa7776940af4aebe6afc05
+Fixed potential overflow in surface allocation (thanks Yves!)
+
+diff -r dc7245e3d1f2 -r 7e0f1498ddb5 src/video/SDL_surface.c
+--- a/src/video/SDL_surface.c Thu Oct 05 09:37:28 2017 -0700
++++ b/src/video/SDL_surface.c Fri Oct 06 16:17:50 2017 -0700
+@@ -80,7 +80,15 @@
+
+ /* Get the pixels */
+ if (surface->w && surface->h) {
+- surface->pixels = SDL_malloc(surface->h * surface->pitch);
++ int size = (surface->h * surface->pitch);
++ if (size < 0 || (size / surface->pitch) != surface->h) {
++ /* Overflow... */
++ SDL_FreeSurface(surface);
++ SDL_OutOfMemory();
++ return NULL;
++ }
++
++ surface->pixels = SDL_malloc(size);
+ if (!surface->pixels) {
+ SDL_FreeSurface(surface);
+ SDL_OutOfMemory();
+
diff --git a/debian/patches/series b/debian/patches/series
index 0e79947..5493e69 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
no-libdir.patch
dc7245e3d1f2.patch
+CVE-2017-2888.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-sdl/packages/libsdl2.git
More information about the pkg-sdl-commits
mailing list