[dunfell,03/11] libsdl2: Add fix for CVE-2021-33657

Message ID 1cc84e4c51c9afaa5dcb5011e6511496e00d2c8a.1654136888.git.steve@sakoman.com
State Accepted, archived
Commit 1cc84e4c51c9afaa5dcb5011e6511496e00d2c8a
Series [dunfell,01/11] ruby: Upgrade ruby to 2.7.6 for security fix | expand

Commit Message

Steve Sakoman June 2, 2022, 2:30 a.m. UTC
From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>

Add patch to fix CVE-2021-33657 issue for libsdl2
Link: https://security-tracker.debian.org/tracker/CVE-2021-33657

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libsdl2/libsdl2/CVE-2021-33657.patch      | 38 +++++++++++++++++++
 .../libsdl2/libsdl2_2.0.12.bb                 |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch

Patch

diff --git a/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch
new file mode 100644
index 0000000000..a4ed7ab8e6
--- /dev/null
+++ b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2021-33657.patch
@@ -0,0 +1,38 @@ 
+From 8c91cf7dba5193f5ce12d06db1336515851c9ee9 Mon Sep 17 00:00:00 2001
+From: Sam Lantinga <slouken@libsdl.org>
+Date: Tue, 30 Nov 2021 12:36:46 -0800
+Subject: [PATCH] Always create a full 256-entry map in case color values are
+ out of range
+
+Fixes https://github.com/libsdl-org/SDL/issues/5042
+
+CVE: CVE-2021-33657
+Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9.patch]
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+
+---
+ src/video/SDL_pixels.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/video/SDL_pixels.c b/src/video/SDL_pixels.c
+index ac04533c5d5..9bb02f771d0 100644
+--- a/src/video/SDL_pixels.c
++++ b/src/video/SDL_pixels.c
+@@ -947,7 +947,7 @@ Map1to1(SDL_Palette * src, SDL_Palette * dst, int *identical)
+         }
+         *identical = 0;
+     }
+-    map = (Uint8 *) SDL_malloc(src->ncolors);
++    map = (Uint8 *) SDL_calloc(256, sizeof(Uint8));
+     if (map == NULL) {
+         SDL_OutOfMemory();
+         return (NULL);
+@@ -971,7 +971,7 @@ Map1toN(SDL_PixelFormat * src, Uint8 Rmod, Uint8 Gmod, Uint8 Bmod, Uint8 Amod,
+     SDL_Palette *pal = src->palette;
+ 
+     bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel);
+-    map = (Uint8 *) SDL_malloc(pal->ncolors * bpp);
++    map = (Uint8 *) SDL_calloc(256, bpp);
+     if (map == NULL) {
+         SDL_OutOfMemory();
+         return (NULL);
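Review bot: Both `SDL_calloc` calls in the backported SDL_pixels.c change hard-code `256`, so the map size no longer follows `src->ncolors` or `pal->ncolors`, and write safety now depends on fill code that lies outside these hunks. If those loops still iterate up to `ncolors`, a palette with more than 256 entries would write past the fixed-size map, which the old size avoided. It is worth confirming that `ncolors` is bounded to 256 before this point, or adding a guard such as `if (src->ncolors > 256) { SDL_SetError("Palette too large"); return (NULL); }` ahead of each allocation. A short comment like `/* full 256-entry map: lookups use an 8-bit pixel value that may exceed ncolors */` at each call would record why the size is fixed. Map1to1 and Map1toN both start and end outside the visible context.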
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
index 8e77c18f2d..44d36fca22 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.12.bb
@@ -21,6 +21,7 @@  SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
            file://directfb-spurious-curly-brace-missing-e.patch \
            file://directfb-renderfillrect-fix.patch \
            file://CVE-2020-14409-14410.patch \
+           file://CVE-2021-33657.patch \
 "
 
 S = "${WORKDIR}/SDL2-${PV}"