Projects
Mega:24.03:SP1:Everything
SDL
_service:tar_scm:CVE-2019-7637.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:CVE-2019-7637.patch of Package SDL
--- a/src/video/SDL_pixels.c Sat Mar 16 18:35:33 2019 -0700 +++ b/src/video/SDL_pixels.c Sat Mar 16 19:16:24 2019 -0700 @@ -286,26 +286,53 @@ } } /* - * Calculate the pad-aligned scanline width of a surface + * Calculate the pad-aligned scanline width of a surface. Return 0 in case of + * an error. */ Uint16 SDL_CalculatePitch(SDL_Surface *surface) { - Uint16 pitch; + unsigned int pitch = 0; /* Surface should be 4-byte aligned for speed */ - pitch = surface->w*surface->format->BytesPerPixel; + /* The code tries to prevent from an Uint16 overflow. */; + for (Uint8 byte = surface->format->BytesPerPixel; byte; byte--) { + pitch += (unsigned int)surface->w; + if (pitch < surface->w) { + SDL_SetError("A scanline is too wide"); + return(0); + } + } switch (surface->format->BitsPerPixel) { case 1: - pitch = (pitch+7)/8; + if (pitch % 8) { + pitch = pitch / 8 + 1; + } else { + pitch = pitch / 8; + } break; case 4: - pitch = (pitch+1)/2; + if (pitch % 2) { + pitch = pitch / 2 + 1; + } else { + pitch = pitch / 2; + } break; default: break; } - pitch = (pitch + 3) & ~3; /* 4-byte aligning */ - return(pitch); + /* 4-byte aligning */ + if (pitch & 3) { + if (pitch + 3 < pitch) { + SDL_SetError("A scanline is too wide"); + return(0); + } + pitch = (pitch + 3) & ~3; + } + if (pitch > 0xFFFF) { + SDL_SetError("A scanline is too wide"); + return(0); + } + return((Uint16)pitch); } /* * Match an RGB value to a particular palette index --- a/src/video/gapi/SDL_gapivideo.c Sat Mar 16 18:35:33 2019 -0700 +++ b/src/video/gapi/SDL_gapivideo.c Sat Mar 16 19:16:24 2019 -0700 @@ -733,6 +733,9 @@ video->w = gapi->w = width; video->h = gapi->h = height; video->pitch = SDL_CalculatePitch(video); + if (!current->pitch) { + return(NULL); + } /* Small fix for WinCE/Win32 - when activating window SDL_VideoSurface is equal to zero, so activating code --- a/src/video/nanox/SDL_nxvideo.c Sat Mar 16 18:35:33 2019 -0700 +++ b/src/video/nanox/SDL_nxvideo.c Sat Mar 16 19:16:24 2019 -0700 @@ -378,6 +378,10 @@ current -> w = width ; current -> h = height ; current -> pitch = SDL_CalculatePitch (current) ; + if (!current->pitch) { + current = NULL; + goto done; + } NX_ResizeImage (this, current, flags) ; } --- a/src/video/ps2gs/SDL_gsvideo.c Sat Mar 16 18:35:33 2019 -0700 +++ b/src/video/ps2gs/SDL_gsvideo.c Sat Mar 16 19:16:24 2019 -0700 @@ -479,6 +479,9 @@ current->w = width; current->h = height; current->pitch = SDL_CalculatePitch(current); + if (!current->pitch) { + return(NULL); + } /* Memory map the DMA area for block memory transfer */ if ( ! mapped_mem ) { --- a/src/video/ps3/SDL_ps3video.c Sat Mar 16 18:35:33 2019 -0700 +++ b/src/video/ps3/SDL_ps3video.c Sat Mar 16 19:16:24 2019 -0700 @@ -339,6 +339,9 @@ current->w = width; current->h = height; current->pitch = SDL_CalculatePitch(current); + if (!current->pitch) { + return(NULL); + } /* Alloc aligned mem for current->pixels */ s_pixels = memalign(16, current->h * current->pitch); --- a/src/video/windib/SDL_dibvideo.c Sat Mar 16 18:35:33 2019 -0700 +++ b/src/video/windib/SDL_dibvideo.c Sat Mar 16 19:16:24 2019 -0700 @@ -675,6 +675,9 @@ video->w = width; video->h = height; video->pitch = SDL_CalculatePitch(video); + if (!current->pitch) { + return(NULL); + } /* Small fix for WinCE/Win32 - when activating window SDL_VideoSurface is equal to zero, so activating code --- a/src/video/windx5/SDL_dx5video.c Sat Mar 16 18:35:33 2019 -0700 +++ b/src/video/windx5/SDL_dx5video.c Sat Mar 16 19:16:24 2019 -0700 @@ -1127,6 +1127,9 @@ video->w = width; video->h = height; video->pitch = SDL_CalculatePitch(video); + if (!current->pitch) { + return(NULL); + } #ifndef NO_CHANGEDISPLAYSETTINGS /* Set fullscreen mode if appropriate. --- a/src/video/x11/SDL_x11video.c Sat Mar 16 18:35:33 2019 -0700 +++ b/src/video/x11/SDL_x11video.c Sat Mar 16 19:16:24 2019 -0700 @@ -1225,6 +1225,10 @@ current->w = width; current->h = height; current->pitch = SDL_CalculatePitch(current); + if (!current->pitch) { + current = NULL; + goto done; + } if (X11_ResizeImage(this, current, flags) < 0) { current = NULL; goto done;
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2