NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/sdl2: backport upstream security fix for CVE-2022-4743

Browse Source 
Fixes the following security vulnerability:

CVE-2022-4743: A potential memory leak issue was discovered in SDL2 in
GLES_CreateTexture() function in SDL_render_gles.c.  The vulnerability
allows an attacker to cause a denial of service attack.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2023-02-14 15:19:25 +01:00
parent a5240ca499
commit a74860f35d
2 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
package/sdl2/0002-Fix-potential-memory-leak-in-GLES_CreateTexture.patch Normal file
View File

@ -0,0 +1,37 @@
From 00b67f55727bc0944c3266e2b875440da132ce4b Mon Sep 17 00:00:00 2001
From: zhailiangliang <zhailiangliang@loongson.cn>
Date: Wed, 21 Sep 2022 10:30:38 +0800
Subject: [PATCH] Fix potential memory leak in GLES_CreateTexture
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/render/opengles/SDL_render_gles.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/render/opengles/SDL_render_gles.c b/src/render/opengles/SDL_render_gles.c
index a5fbab309..ba08a46e2 100644
--- a/src/render/opengles/SDL_render_gles.c
+++ b/src/render/opengles/SDL_render_gles.c
@@ -359,6 +359,9 @@ GLES_CreateTexture(SDL_Renderer * renderer, SDL_Texture * texture)
renderdata->glGenTextures(1, &data->texture);
result = renderdata->glGetError();
if (result != GL_NO_ERROR) {
+ if (texture->access == SDL_TEXTUREACCESS_STREAMING) {
+ SDL_free(data->pixels);
+ }
SDL_free(data);
return GLES_SetError("glGenTextures()", result);
}
@@ -387,6 +390,9 @@ GLES_CreateTexture(SDL_Renderer * renderer, SDL_Texture * texture)
result = renderdata->glGetError();
if (result != GL_NO_ERROR) {
+ if (texture->access == SDL_TEXTUREACCESS_STREAMING) {
+ SDL_free(data->pixels);
+ }
SDL_free(data);
return GLES_SetError("glTexImage2D()", result);
}
--
2.30.2

3
package/sdl2/sdl2.mk
View File

@ -22,6 +22,9 @@ SDL2_CONF_OPTS += \
--disable-pulseaudio \
--disable-video-wayland
# 0002-Fix-potential-memory-leak-in-GLES_CreateTexture.patch
SDL2_IGNORE_CVES += CVE-2022-4743
# We are using autotools build system for sdl2, so the sdl2-config.cmake
# include path are not resolved like for sdl2-config script.
# Change the absolute /usr path to resolve relatively to the sdl2-config.cmake location.