[Pkg-sdl-commits] [libsdl2] 01/03: Fix CVE-2017-2888: Integer overflow while creating a new RGB surface.

Felix Geyer fgeyer at moszumanska.debian.org
Thu Oct 12 17:26:12 UTC 2017 

This is an automated email from the git hooks/post-receive script.

fgeyer pushed a commit to branch master
in repository libsdl2.

commit 66a3342316cc00013ce7e9c05653e2cd72a70abb
Author: Felix Geyer <fgeyer at debian.org>
Date:   Thu Oct 12 18:27:10 2017 +0200

    Fix CVE-2017-2888: Integer overflow while creating a new RGB surface.
    
    * Fix CVE-2017-2888: Integer overflow while creating a new RGB surface.
      - Add d/patches/CVE-2017-2888.patch
      - Closes: #878264
---
 debian/changelog                   |  8 +++++++-
 debian/patches/CVE-2017-2888.patch | 28 ++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 83f8d75..b724036 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,16 @@
-libsdl2 (2.0.6+dfsg1-3) UNRELEASED; urgency=medium
+libsdl2 (2.0.6+dfsg1-3) UNRELEASED; urgency=high
 
+  [ Gianfranco Costamagna ]
   * debian/patches/dc7245e3d1f2.patch:
     - backport upstream fix for dbus error.
       LP: #1721907
       thanks LGB [Gábor Lénárt] (lgb) for the report!
 
+  [ Felix Geyer ]
+  * Fix CVE-2017-2888: Integer overflow while creating a new RGB surface.
+    - Add d/patches/CVE-2017-2888.patch
+    - Closes: #878264
+
  -- Gianfranco Costamagna <locutusofborg at debian.org>  Sat, 07 Oct 2017 09:33:15 +0200
 
 libsdl2 (2.0.6+dfsg1-2) unstable; urgency=medium
diff --git a/debian/patches/CVE-2017-2888.patch b/debian/patches/CVE-2017-2888.patch
new file mode 100644
index 0000000..083e045
--- /dev/null
+++ b/debian/patches/CVE-2017-2888.patch
@@ -0,0 +1,28 @@
+# HG changeset patch
+# User Sam Lantinga <slouken at libsdl.org>
+# Date 1507331870 25200
+# Node ID 7e0f1498ddb549a338a220534875529ef0ba55ce
+# Parent  dc7245e3d1f2ae032caa7776940af4aebe6afc05
+Fixed potential overflow in surface allocation (thanks Yves!)
+
+diff -r dc7245e3d1f2 -r 7e0f1498ddb5 src/video/SDL_surface.c
+--- a/src/video/SDL_surface.c	Thu Oct 05 09:37:28 2017 -0700
++++ b/src/video/SDL_surface.c	Fri Oct 06 16:17:50 2017 -0700
+@@ -80,7 +80,15 @@
+ 
+     /* Get the pixels */
+     if (surface->w && surface->h) {
+-        surface->pixels = SDL_malloc(surface->h * surface->pitch);
++        int size = (surface->h * surface->pitch);
++        if (size < 0 || (size / surface->pitch) != surface->h) {
++            /* Overflow... */
++            SDL_FreeSurface(surface);
++            SDL_OutOfMemory();
++            return NULL;
++        }
++
++        surface->pixels = SDL_malloc(size);
+         if (!surface->pixels) {
+             SDL_FreeSurface(surface);
+             SDL_OutOfMemory();
+
diff --git a/debian/patches/series b/debian/patches/series
index 0e79947..5493e69 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 no-libdir.patch
 dc7245e3d1f2.patch
+CVE-2017-2888.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-sdl/packages/libsdl2.git

More information about the pkg-sdl-commits mailing list