[Pkg-sdl-commits] [libsdl2-image] 01/02: Fix CVE-2017-2887: buffer overflow in the XCF property handling.

Felix Geyer fgeyer at moszumanska.debian.org
Wed Oct 18 20:09:54 UTC 2017


This is an automated email from the git hooks/post-receive script.

fgeyer pushed a commit to branch master
in repository libsdl2-image.

commit 5bed53ec1269309cc6724700bb7c8ba10cc967b0
Author: Felix Geyer <fgeyer at debian.org>
Date:   Wed Oct 18 22:06:06 2017 +0200

    Fix CVE-2017-2887: buffer overflow in the XCF property handling.
    
    Closes: #878266
---
 debian/changelog                   |  5 +++++
 debian/patches/CVE-2017-2887.patch | 33 +++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 39 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index eb1a62b..350f83f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,12 @@
 libsdl2-image (2.0.1+dfsg-4) UNRELEASED; urgency=medium
 
+  [ Manuel A. Fernandez Montecelo ]
   * d/copyright: Fix missing "General" in LGPL license
 
+  [ Felix Geyer ]
+  * Fix CVE-2017-2887: buffer overflow in the XCF property handling.
+    (Closes: #878266)
+
  -- Manuel A. Fernandez Montecelo <mafm at debian.org>  Mon, 31 Jul 2017 23:49:20 +0200
 
 libsdl2-image (2.0.1+dfsg-3) unstable; urgency=medium
diff --git a/debian/patches/CVE-2017-2887.patch b/debian/patches/CVE-2017-2887.patch
new file mode 100644
index 0000000..997f51f
--- /dev/null
+++ b/debian/patches/CVE-2017-2887.patch
@@ -0,0 +1,33 @@
+# HG changeset patch
+# User Sam Lantinga <slouken at libsdl.org>
+# Date 1507329619 25200
+# Node ID 318484db0705d07d4d1f4c0a1d3d5ea69f6ba2b0
+# Parent  7ad06019831d474380fd5a63e518d21219031519
+Fixed security vulnerability in XCF image loader (thanks Yves!)
+
+diff -r 7ad06019831d -r 318484db0705 IMG_xcf.c
+--- a/IMG_xcf.c	Mon Sep 18 16:10:17 2017 -0700
++++ b/IMG_xcf.c	Fri Oct 06 15:40:19 2017 -0700
+@@ -251,6 +251,7 @@
+ }
+ 
+ static void xcf_read_property (SDL_RWops * src, xcf_prop * prop) {
++  Uint32 len;
+   prop->id = SDL_ReadBE32 (src);
+   prop->length = SDL_ReadBE32 (src);
+ 
+@@ -274,7 +275,12 @@
+     break;
+   case PROP_COMPRESSION:
+   case PROP_COLOR:
+-    SDL_RWread (src, &prop->data, prop->length, 1);
++    if (prop->length > sizeof(prop->data)) {
++        len = sizeof(prop->data);
++    } else {
++        len = prop->length;
++    }
++    SDL_RWread(src, &prop->data, len, 1);
+     break;
+   case PROP_VISIBLE:
+     prop->data.visible = SDL_ReadBE32 (src);
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..1552f98
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2017-2887.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-sdl/packages/libsdl2-image.git


