svn commit: r452939 - in head/graphics/sdl2_image: . files
Jan Beich
jbeich at FreeBSD.org
Thu Oct 26 18:53:44 UTC 2017
Author: jbeich
Date: Thu Oct 26 18:53:43 2017
New Revision: 452939
URL: https://svnweb.freebsd.org/changeset/ports/452939
Log:
graphics/sdl2_image: backport XCF vulnerability fix
Obtained from: upstream (SDL_image-2.0.2)
Security: CVE-2017-2887
Added:
head/graphics/sdl2_image/files/
head/graphics/sdl2_image/files/patch-IMG__xcf.c (contents, props changed)
Modified:
head/graphics/sdl2_image/Makefile (contents, props changed)
Modified: head/graphics/sdl2_image/Makefile
==============================================================================
--- head/graphics/sdl2_image/Makefile Thu Oct 26 18:42:11 2017 (r452938)
+++ head/graphics/sdl2_image/Makefile Thu Oct 26 18:53:43 2017 (r452939)
@@ -2,7 +2,7 @@
PORTNAME= sdl2_image
PORTVERSION= 2.0.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= graphics
MASTER_SITES= http://www.libsdl.org/projects/SDL_image/release/
DISTNAME= SDL2_image-${PORTVERSION}
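Review bot: PORTVERSION stays at 2.0.1 in this hunk while the log gives the source of the fix as upstream SDL_image-2.0.2, so the port keeps carrying a local patch for something that, per the log, upstream already ships. Consider following up with an update to 2.0.2 and dropping files/patch-IMG__xcf.c at that point. Separately, the MASTER_SITES context line still fetches over http://, which is worth switching to https:// if upstream serves it.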
Added: head/graphics/sdl2_image/files/patch-IMG__xcf.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/graphics/sdl2_image/files/patch-IMG__xcf.c Thu Oct 26 18:53:43 2017 (r452939)
@@ -0,0 +1,27 @@
+Fixed security vulnerability in XCF image loader (thanks Yves!)
+https://hg.libsdl.org/SDL_image/rev/318484db0705
+
+--- IMG_xcf.c.orig 2016-01-03 05:52:28 UTC
++++ IMG_xcf.c
+@@ -251,6 +251,7 @@ static Uint32 Swap32 (Uint32 v) {
+ }
+
+ static void xcf_read_property (SDL_RWops * src, xcf_prop * prop) {
++ Uint32 len;
+ prop->id = SDL_ReadBE32 (src);
+ prop->length = SDL_ReadBE32 (src);
+
+@@ -274,7 +275,12 @@ static void xcf_read_property (SDL_RWops * src, xcf_pr
+ break;
+ case PROP_COMPRESSION:
+ case PROP_COLOR:
+- SDL_RWread (src, &prop->data, prop->length, 1);
++ if (prop->length > sizeof(prop->data)) {
++ len = sizeof(prop->data);
++ } else {
++ len = prop->length;
++ }
++ SDL_RWread(src, &prop->data, len, 1);
+ break;
+ case PROP_VISIBLE:
+ prop->data.visible = SDL_ReadBE32 (src);
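Review bot: In the PROP_COMPRESSION / PROP_COLOR case, when prop->length exceeds sizeof(prop->data) only len bytes are read, and nothing in the visible lines consumes the remaining prop->length - len bytes, so the next property would be parsed starting from the middle of this one. Suggest skipping the remainder after the clamped read, for example `SDL_RWseek(src, prop->length - len, RW_SEEK_CUR);`, and checking the return value of SDL_RWread so a short read is not treated as a valid property. Minor style point: the new call is written `SDL_RWread(` while the surrounding code uses `SDL_RWread (`.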