| Message ID | 20221121072444.3980541-1-peter@korsgaard.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | package/sdl: add upstream security fix for CVE-2022-34568 | expand |
Peter, All, On 2022-11-21 08:24 +0100, Peter Korsgaard spake thusly: > SDL v1.2 was discovered to contain a use-after-free via the XFree function > at /src/video/x11/SDL_x11yuv.c. > > https://github.com/advisories/GHSA-wr7h-5wm3-p3h4 > > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Applied to master, thanks. Regards, Yann E. MORIN. > --- > ...x11yuv.c-fix-possible-use-after-free.patch | 28 +++++++++++++++++++ > package/sdl/sdl.mk | 3 ++ > 2 files changed, 31 insertions(+) > create mode 100644 package/sdl/0003-SDL_x11yuv.c-fix-possible-use-after-free.patch > > diff --git a/package/sdl/0003-SDL_x11yuv.c-fix-possible-use-after-free.patch b/package/sdl/0003-SDL_x11yuv.c-fix-possible-use-after-free.patch > new file mode 100644 > index 0000000000..d7858d0f96 > --- /dev/null > +++ b/package/sdl/0003-SDL_x11yuv.c-fix-possible-use-after-free.patch > @@ -0,0 +1,28 @@ > +From d7e00208738a0bc6af302723fe64908ac35b777b Mon Sep 17 00:00:00 2001 > +From: Ozkan Sezer <sezeroz@gmail.com> > +Date: Sat, 18 Jun 2022 14:55:00 +0300 > +Subject: [PATCH] SDL_x11yuv.c: fix possible use-after-free > + > +Fixes: https://github.com/libsdl-org/SDL-1.2/issues/863 > +Signed-off-by: Peter Korsgaard <peter@korsgaard.com> > +--- > + src/video/x11/SDL_x11yuv.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/src/video/x11/SDL_x11yuv.c b/src/video/x11/SDL_x11yuv.c > +index 62698dfd..0d5754e3 100644 > +--- a/src/video/x11/SDL_x11yuv.c > ++++ b/src/video/x11/SDL_x11yuv.c > +@@ -374,8 +374,8 @@ SDL_Overlay *X11_CreateYUVOverlay(_THIS, int width, int height, Uint32 format, S > + #ifdef PITCH_WORKAROUND > + if ( hwdata->image != NULL && hwdata->image->pitches[0] != (width*bpp) ) { > + /* Ajust overlay width according to pitch */ > +- XFree(hwdata->image); > + width = hwdata->image->pitches[0] / bpp; > ++ XFree(hwdata->image); > + hwdata->image = SDL_NAME(XvCreateImage)(GFX_Display, xv_port, format, > + 0, width, height); > + } > +-- > +2.30.2 > + > diff --git a/package/sdl/sdl.mk b/package/sdl/sdl.mk > index 7389cd3edb..462600debb 100644 > --- a/package/sdl/sdl.mk > +++ b/package/sdl/sdl.mk > @@ -13,6 +13,9 @@ SDL_CPE_ID_VENDOR = libsdl > SDL_CPE_ID_PRODUCT = simple_directmedia_layer > SDL_INSTALL_STAGING = YES > > +# 0003-SDL_x11yuv.c-fix-possible-use-after-free.patch > +SDL_IGNORE_CVES += CVE-2022-34568 > + > # we're patching configure.in, but package cannot autoreconf with our version of > # autotools, so we have to do it manually instead of setting SDL_AUTORECONF = YES > define SDL_RUN_AUTOGEN > -- > 2.30.2 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > SDL v1.2 was discovered to contain a use-after-free via the XFree function > at /src/video/x11/SDL_x11yuv.c. > https://github.com/advisories/GHSA-wr7h-5wm3-p3h4 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed to 2022.08.x and 2022.02.x, thanks.
diff --git a/package/sdl/0003-SDL_x11yuv.c-fix-possible-use-after-free.patch b/package/sdl/0003-SDL_x11yuv.c-fix-possible-use-after-free.patch new file mode 100644 index 0000000000..d7858d0f96 --- /dev/null +++ b/package/sdl/0003-SDL_x11yuv.c-fix-possible-use-after-free.patch @@ -0,0 +1,28 @@ +From d7e00208738a0bc6af302723fe64908ac35b777b Mon Sep 17 00:00:00 2001 +From: Ozkan Sezer <sezeroz@gmail.com> +Date: Sat, 18 Jun 2022 14:55:00 +0300 +Subject: [PATCH] SDL_x11yuv.c: fix possible use-after-free + +Fixes: https://github.com/libsdl-org/SDL-1.2/issues/863 +Signed-off-by: Peter Korsgaard <peter@korsgaard.com> +--- + src/video/x11/SDL_x11yuv.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/video/x11/SDL_x11yuv.c b/src/video/x11/SDL_x11yuv.c +index 62698dfd..0d5754e3 100644 +--- a/src/video/x11/SDL_x11yuv.c ++++ b/src/video/x11/SDL_x11yuv.c +@@ -374,8 +374,8 @@ SDL_Overlay *X11_CreateYUVOverlay(_THIS, int width, int height, Uint32 format, S + #ifdef PITCH_WORKAROUND + if ( hwdata->image != NULL && hwdata->image->pitches[0] != (width*bpp) ) { + /* Ajust overlay width according to pitch */ +- XFree(hwdata->image); + width = hwdata->image->pitches[0] / bpp; ++ XFree(hwdata->image); + hwdata->image = SDL_NAME(XvCreateImage)(GFX_Display, xv_port, format, + 0, width, height); + } +-- +2.30.2 + diff --git a/package/sdl/sdl.mk b/package/sdl/sdl.mk index 7389cd3edb..462600debb 100644 --- a/package/sdl/sdl.mk +++ b/package/sdl/sdl.mk @@ -13,6 +13,9 @@ SDL_CPE_ID_VENDOR = libsdl SDL_CPE_ID_PRODUCT = simple_directmedia_layer SDL_INSTALL_STAGING = YES +# 0003-SDL_x11yuv.c-fix-possible-use-after-free.patch +SDL_IGNORE_CVES += CVE-2022-34568 + # we're patching configure.in, but package cannot autoreconf with our version of # autotools, so we have to do it manually instead of setting SDL_AUTORECONF = YES define SDL_RUN_AUTOGEN
SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c. https://github.com/advisories/GHSA-wr7h-5wm3-p3h4 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- ...x11yuv.c-fix-possible-use-after-free.patch | 28 +++++++++++++++++++ package/sdl/sdl.mk | 3 ++ 2 files changed, 31 insertions(+) create mode 100644 package/sdl/0003-SDL_x11yuv.c-fix-possible-use-after-free.patch