[Pkg-sdl-commits] [sdl-image1.2] 01/01: Fix CVE-2017-2887: buffer overflow in the XCF property handling.

Felix Geyer fgeyer at moszumanska.debian.org
Wed Oct 18 20:18:24 UTC 2017


This is an automated email from the git hooks/post-receive script.

fgeyer pushed a commit to branch master
in repository sdl-image1.2.

commit 6d92a8868a3dd1168a030f9cd7196f7e4e8a2a62
Author: Felix Geyer <fgeyer at debian.org>
Date:   Wed Oct 18 22:18:05 2017 +0200

    Fix CVE-2017-2887: buffer overflow in the XCF property handling.
    
    Closes: #878267
---
 debian/changelog                   |  7 +++++++
 debian/patches/CVE-2017-2887.patch | 33 +++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 41 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 0cae83c..e5d1d41 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+sdl-image1.2 (1.2.12-7) unstable; urgency=medium
+
+  * Fix CVE-2017-2887: buffer overflow in the XCF property handling.
+    (Closes: #878267)
+
+ -- Felix Geyer <fgeyer at debian.org>  Wed, 18 Oct 2017 22:15:49 +0200
+
 sdl-image1.2 (1.2.12-6) unstable; urgency=medium
 
   * Bump Policy Standards-Version to 4.0.0 (no changes needed)
diff --git a/debian/patches/CVE-2017-2887.patch b/debian/patches/CVE-2017-2887.patch
new file mode 100644
index 0000000..997f51f
--- /dev/null
+++ b/debian/patches/CVE-2017-2887.patch
@@ -0,0 +1,33 @@
+# HG changeset patch
+# User Sam Lantinga <slouken at libsdl.org>
+# Date 1507329619 25200
+# Node ID 318484db0705d07d4d1f4c0a1d3d5ea69f6ba2b0
+# Parent  7ad06019831d474380fd5a63e518d21219031519
+Fixed security vulnerability in XCF image loader (thanks Yves!)
+
+diff -r 7ad06019831d -r 318484db0705 IMG_xcf.c
+--- a/IMG_xcf.c	Mon Sep 18 16:10:17 2017 -0700
++++ b/IMG_xcf.c	Fri Oct 06 15:40:19 2017 -0700
+@@ -251,6 +251,7 @@
+ }
+ 
+ static void xcf_read_property (SDL_RWops * src, xcf_prop * prop) {
++  Uint32 len;
+   prop->id = SDL_ReadBE32 (src);
+   prop->length = SDL_ReadBE32 (src);
+ 
+@@ -274,7 +275,12 @@
+     break;
+   case PROP_COMPRESSION:
+   case PROP_COLOR:
+-    SDL_RWread (src, &prop->data, prop->length, 1);
++    if (prop->length > sizeof(prop->data)) {
++        len = sizeof(prop->data);
++    } else {
++        len = prop->length;
++    }
++    SDL_RWread(src, &prop->data, len, 1);
+     break;
+   case PROP_VISIBLE:
+     prop->data.visible = SDL_ReadBE32 (src);
+
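Review bot: After the clamped read in the PROP_COMPRESSION/PROP_COLOR case, the `prop->length - len` bytes that did not fit are left unread, so for an oversized property the stream position no longer matches the declared length and the next property would presumably be parsed from inside this one's payload. Skipping the remainder keeps the parser in step: `if (prop->length > len) SDL_RWseek(src, prop->length - len, RW_SEEK_CUR);` placed right after the `SDL_RWread` call. The return value of `SDL_RWread` is also still ignored, so a truncated file leaves `prop->data` partly unset while the caller carries on as if the property had been read. The body of `xcf_read_property` starts and ends outside the two inner hunks, so the other cases could not be checked here.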
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..1552f98
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2017-2887.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-sdl/packages/sdl-image1.2.git


