SDL/CVE-2019-13616.patch

From 636be06fa7f0cd2ee4d79c8e891b3bcbce331d7b Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <sezeroz@gmail.com>
Date: Tue, 30 Jul 2019 21:30:24 +0300
Subject: [PATCH] Fixed bug 4538 - validate image size when loading BMP files

--HG--
branch : SDL-1.2
---
 src/video/SDL_bmp.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c
index 758d4bb..6cadc8a 100644
--- a/src/video/SDL_bmp.c
+++ b/src/video/SDL_bmp.c
@@ -143,6 +143,11 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops *src, int freesrc)
 	(void) biYPelsPerMeter;
 	(void) biClrImportant;
 
+	if (biWidth <= 0 || biHeight == 0) {
+		SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
+		was_error = SDL_TRUE;
+		goto done;
+	}
 	if (biHeight < 0) {
 		topDown = SDL_TRUE;
 		biHeight = -biHeight;
-- 
1.8.3.1
fix CVE-2019-13616 2020-03-18 17:33:26 +08:00			`From 636be06fa7f0cd2ee4d79c8e891b3bcbce331d7b Mon Sep 17 00:00:00 2001`
			`From: Ozkan Sezer <sezeroz@gmail.com>`
			`Date: Tue, 30 Jul 2019 21:30:24 +0300`
			`Subject: [PATCH] Fixed bug 4538 - validate image size when loading BMP files`

			`--HG--`
			`branch : SDL-1.2`
			`---`
			`src/video/SDL_bmp.c \| 5 +++++`
			`1 file changed, 5 insertions(+)`

			`diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c`
			`index 758d4bb..6cadc8a 100644`
			`--- a/src/video/SDL_bmp.c`
			`+++ b/src/video/SDL_bmp.c`
			`@@ -143,6 +143,11 @@ SDL_Surface * SDL_LoadBMP_RW (SDL_RWops *src, int freesrc)`
			`(void) biYPelsPerMeter;`
			`(void) biClrImportant;`

			`+ if (biWidth <= 0 \|\| biHeight == 0) {`
			`+ SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);`
			`+ was_error = SDL_TRUE;`
			`+ goto done;`
			`+ }`
			`if (biHeight < 0) {`
			`topDown = SDL_TRUE;`
			`biHeight = -biHeight;`
			`--`
			`1.8.3.1`