svn commit: r452943 - in head/graphics/sdl_image: . files
Jan Beich
jbeich at FreeBSD.org
Thu Oct 26 19:04:43 UTC 2017
Author: jbeich
Date: Thu Oct 26 19:04:42 2017
New Revision: 452943
URL: https://svnweb.freebsd.org/changeset/ports/452943
Log:
graphics/sdl_image: backport XCF vulnerability fix
Obtained from: upstream (SDL_image-2.0.2)
Security: CVE-2017-2887
Tested by: Debian
Added:
head/graphics/sdl_image/files/
head/graphics/sdl_image/files/patch-IMG__xcf.c (contents, props changed)
Modified:
head/graphics/sdl_image/Makefile (contents, props changed)
Modified: head/graphics/sdl_image/Makefile
==============================================================================
--- head/graphics/sdl_image/Makefile Thu Oct 26 18:59:09 2017 (r452942)
+++ head/graphics/sdl_image/Makefile Thu Oct 26 19:04:42 2017 (r452943)
@@ -3,7 +3,7 @@
PORTNAME= sdl_image
PORTVERSION= 1.2.12
-PORTREVISION= 10
+PORTREVISION= 11
CATEGORIES= graphics
MASTER_SITES= http://www.libsdl.org/projects/SDL_image/release/
DISTNAME= SDL_image-${PORTVERSION}
Added: head/graphics/sdl_image/files/patch-IMG__xcf.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/graphics/sdl_image/files/patch-IMG__xcf.c Thu Oct 26 19:04:42 2017 (r452943)
@@ -0,0 +1,27 @@
+Fixed security vulnerability in XCF image loader (thanks Yves!)
+https://hg.libsdl.org/SDL_image/rev/318484db0705
+
+--- IMG_xcf.c.orig 2012-01-21 01:51:33 UTC
++++ IMG_xcf.c
+@@ -251,6 +251,7 @@ static Uint32 Swap32 (Uint32 v) {
+ }
+
+ static void xcf_read_property (SDL_RWops * src, xcf_prop * prop) {
++ Uint32 len;
+ prop->id = SDL_ReadBE32 (src);
+ prop->length = SDL_ReadBE32 (src);
+
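Review bot: the new `Uint32 len;` at the top of `xcf_read_property` is consistent with the file's C89 declaration-at-block-start style, but a one-line comment would help a future reader: `len` exists only because `prop->length` is read straight from the file (`SDL_ReadBE32` two lines below) and therefore cannot be trusted as a read size. Without that note it is not obvious why the clamp in the following hunk does not simply reassign `prop->length`.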
+@@ -274,7 +275,12 @@ static void xcf_read_property (SDL_RWops * src, xcf_pr
+ break;
+ case PROP_COMPRESSION:
+ case PROP_COLOR:
+- SDL_RWread (src, &prop->data, prop->length, 1);
++ if (prop->length > sizeof(prop->data)) {
++ len = sizeof(prop->data);
++ } else {
++ len = prop->length;
++ }
++ SDL_RWread(src, &prop->data, len, 1);
+ break;
+ case PROP_VISIBLE:
+ prop->data.visible = SDL_ReadBE32 (src);
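Review bot: clamping to `len = sizeof(prop->data)` keeps `SDL_RWread` from writing past `prop->data`, but when `prop->length > sizeof(prop->data)` the remaining `prop->length - len` bytes of the property are left unread, so the stream is no longer positioned at the next property and every subsequent `SDL_ReadBE32` in this loop parses the tail of the oversized property instead. For a truncated-by-design fix that is acceptable, since the loader will then fail on garbage rather than overflow, but a `SDL_RWseek(src, prop->length - len, RW_SEEK_CUR)` after the read would keep the parser in sync; alternatively, document that an oversized PROP_COMPRESSION/PROP_COLOR is treated as a malformed file. The return value of `SDL_RWread(src, &prop->data, len, 1)` is also still unchecked, as it was before the patch, so a short read on a truncated file leaves `prop->data` uninitialised.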