From: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> Add patch to fix CVE-2021-33657 issue for libsdl2 Link: https://security-tracker.debian.org/tracker/CVE-2021-33657
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1...@gmail.com> Signed-off-by: Steve Sakoman <st...@sakoman.com> --- .../libsdl2/libsdl2/CVE-2021-33657.patch | 38 +++++++++++++++++++ .../libsdl2/libsdl2_2.0.12.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch diff --git a/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch new file mode 100644 index 0000000000..a4ed7ab8e6 --- /dev/null +++ b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch @@ -0,0 +1,38 @@ +From 8c91cf7dba5193f5ce12d06db1336515851c9ee9 Mon Sep 17 00:00:00 2001 +From: Sam Lantinga <slou...@libsdl.org> +Date: Tue, 30 Nov 2021 12:36:46 -0800 +Subject: [PATCH] Always create a full 256-entry map in case color values are + out of range + +Fixes https://github.com/libsdl-org/SDL/issues/5042 + +CVE: CVE-2021-33657 +Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9.patch] +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rat...@kpit.com> + +--- + src/video/SDL_pixels.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/video/SDL_pixels.c b/src/video/SDL_pixels.c +index ac04533c5d5..9bb02f771d0 100644 +--- a/src/video/SDL_pixels.c ++++ b/src/video/SDL_pixels.c +@@ -947,7 +947,7 @@ Map1to1(SDL_Palette * src, SDL_Palette * dst, int *identical) + } + *identical = 0; + } +- map = (Uint8 *) SDL_malloc(src->ncolors); ++ map = (Uint8 *) SDL_calloc(256, sizeof(Uint8)); + if (map == NULL) { + SDL_OutOfMemory(); + return (NULL); +@@ -971,7 +971,7 @@ Map1toN(SDL_PixelFormat * src, Uint8 Rmod, Uint8 Gmod, Uint8 Bmod, Uint8 Amod, + SDL_Palette *pal = src->palette; + + bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel); +- map = (Uint8 *) SDL_malloc(pal->ncolors * bpp); ++ map = (Uint8 *) SDL_calloc(256, bpp); + if (map == NULL) { + SDL_OutOfMemory(); + return (NULL); diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb index 8e77c18f2d..44d36fca22 100644 --- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb +++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb @@ -21,6 +21,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \ file://directfb-spurious-curly-brace-missing-e.patch \ file://directfb-renderfillrect-fix.patch \ file://CVE-2020-14409-14410.patch \ + file://CVE-2021-33657.patch \ " S = "${WORKDIR}/SDL2-${PV}" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#166451): https://lists.openembedded.org/g/openembedded-core/message/166451 Mute This Topic: https://lists.openembedded.org/mt/91492147/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
