fix CVE-2022-4743

modified: SDL2.spec
2023-01-10 15:17:56 +08:00 · 2023-01-10 15:17:56 +08:00 · 6edb5a5e86
commit 6edb5a5e86
parent 611ce9c248
2 changed files with 38 additions and 1 deletions
--- a/CVE-2022-4743.patch
+++ b/CVE-2022-4743.patch
@ -0,0 +1,33 @@
 From 00b67f55727bc0944c3266e2b875440da132ce4b Mon Sep 17 00:00:00 2001
 From: zhailiangliang <zhailiangliang@loongson.cn>
 Date: Wed, 21 Sep 2022 10:30:38 +0800
 Subject: [PATCH] Fix potential memory leak in GLES_CreateTexture
 ---
 src/render/opengles/SDL_render_gles.c | 6 ++++++
 1 file changed, 6 insertions(+)
 diff --git a/src/render/opengles/SDL_render_gles.c b/src/render/opengles/SDL_render_gles.c
 index a5fbab309eda..ba08a46e2805 100644
 --- a/src/render/opengles/SDL_render_gles.c
 +++ b/src/render/opengles/SDL_render_gles.c
@@ -359,6 +359,9 @@ GLES_CreateTexture(SDL_Renderer * renderer, SDL_Texture * texture)
     renderdata->glGenTextures(1, &data->texture);
     result = renderdata->glGetError();
     if (result != GL_NO_ERROR) {
 +        if (texture->access == SDL_TEXTUREACCESS_STREAMING) {
 +            SDL_free(data->pixels);
 +        }
         SDL_free(data);
         return GLES_SetError("glGenTextures()", result);
     }
@@ -387,6 +390,9 @@ GLES_CreateTexture(SDL_Renderer * renderer, SDL_Texture * texture)
     result = renderdata->glGetError();
     if (result != GL_NO_ERROR) {
 +        if (texture->access == SDL_TEXTUREACCESS_STREAMING) {
 +            SDL_free(data->pixels);
 +        }
         SDL_free(data);
         return GLES_SetError("glTexImage2D()", result);
     }
--- a/SDL2.spec
+++ b/SDL2.spec
@ -1,6 +1,6 @@
 Name:           SDL2
 Version:        2.0.12
-Release:        4
+Release:        5
 Summary:        Cross-platform multimedia library
 License:        zlib and MIT
 URL:            http://www.libsdl.org/
@ -12,6 +12,7 @@ Patch0002:	Fix-build-against-wayland-1.20.patch
 #https://github.com/libsdl-org/SDL/commit/a7ff6e96155f550a5597621ebeddd03c98aa9294
 Patch0003:      CVE-2020-14409_CVE-2020-14410.patch
 Patch6000:      backport-CVE-2021-33657.patch
 Patch6001:      CVE-2022-4743.patch
 BuildRequires:  alsa-lib-devel audiofile-devel mesa-libGL-devel
 BuildRequires:  mesa-libGLU-devel mesa-libEGL-devel libglvnd-devel
@ -93,6 +94,9 @@ rm -vf %{buildroot}%{_libdir}/*.la
 %{_libdir}/lib*.a
 %changelog
 * Tue Jan 10 2023 jiangpeng <jiangpeng01@ncti-gba.cn> - 2.0.12-5
 - fix CVE-2022-4743
 * Mon Apr 11 2022 yaoxin <yaoxin30@h-partners.com> - 2.0.12-4
 - Fix CVE-2020-14409 CVE-2020-14410