From a74860f35d9887cdc397659f56f27940bca787d1 Mon Sep 17 00:00:00 2001
From: Peter Korsgaard
Date: Tue, 14 Feb 2023 15:19:25 +0100
Subject: [PATCH] package/sdl2: backport upstream security fix for CVE-2022-4743

Fixes the following security vulnerability:
CVE-2022-4743: A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack.

Signed-off-by: Peter Korsgaard
---
 ...al-memory-leak-in-GLES_CreateTexture.patch | 37 +++++++++++++++++++
 package/sdl2/sdl2.mk | 3 ++
 2 files changed, 40 insertions(+)
 create mode 100644 package/sdl2/0002-Fix-potential-memory-leak-in-GLES_CreateTexture.patch
diff --git a/package/sdl2/0002-Fix-potential-memory-leak-in-GLES_CreateTexture.patch b/package/sdl2/0002-Fix-potential-memory-leak-in-GLES_CreateTexture.patch
new file mode 100644
index 0000000000..9488c1006c
--- /dev/null
+++ b/package/sdl2/0002-Fix-potential-memory-leak-in-GLES_CreateTexture.patch
@@ -0,0 +1,37 @@
+From 00b67f55727bc0944c3266e2b875440da132ce4b Mon Sep 17 00:00:00 2001
+From: zhailiangliang
+Date: Wed, 21 Sep 2022 10:30:38 +0800
+Subject: [PATCH] Fix potential memory leak in GLES_CreateTexture
+
+Signed-off-by: Peter Korsgaard
+---
+ src/render/opengles/SDL_render_gles.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/render/opengles/SDL_render_gles.c b/src/render/opengles/SDL_render_gles.c
+index a5fbab309..ba08a46e2 100644
+--- a/src/render/opengles/SDL_render_gles.c
++++ b/src/render/opengles/SDL_render_gles.c
+@@ -359,6 +359,9 @@ GLES_CreateTexture(SDL_Renderer * renderer, SDL_Texture * texture)
+ renderdata->glGenTextures(1, &data->texture);
+ result = renderdata->glGetError();
+ if (result != GL_NO_ERROR) {
++ if (texture->access == SDL_TEXTUREACCESS_STREAMING) {
++ SDL_free(data->pixels);
++ }
+ SDL_free(data);
+ return GLES_SetError("glGenTextures()", result);
+ }
+@@ -387,6 +390,9 @@ GLES_CreateTexture(SDL_Renderer * renderer, SDL_Texture * texture)
+
+ result = renderdata->glGetError();
+ if (result != GL_NO_ERROR) {
++ if (texture->access == SDL_TEXTUREACCESS_STREAMING) {
++ SDL_free(data->pixels);
++ }
+ SDL_free(data);
+ return GLES_SetError("glTexImage2D()", result);
+ }
+--
+2.30.2
+
diff --git a/package/sdl2/sdl2.mk b/package/sdl2/sdl2.mk
index 633383b9e1..c807023632 100644
--- a/package/sdl2/sdl2.mk
+++ b/package/sdl2/sdl2.mk
@@ -22,6 +22,9 @@ SDL2_CONF_OPTS += \
 --disable-pulseaudio \
 --disable-video-wayland
 
+# 0002-Fix-potential-memory-leak-in-GLES_CreateTexture.patch
+SDL2_IGNORE_CVES += CVE-2022-4743
+
 # We are using autotools build system for sdl2, so the sdl2-config.cmake
 # include path are not resolved like for sdl2-config script.
 # Change the absolute /usr path to resolve relatively to the sdl2-config.cmake location.
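Review bot: In the second inner hunk of the new .patch file (the `glTexImage2D()` failure path), the cleanup now frees `data->pixels` and `data`, but the texture name created by `glGenTextures(1, &data->texture)` in the first inner hunk does not appear to be released. A GL object would therefore still leak on that error path, unless it is deleted in lines outside the hunks. If it is not, adding `renderdata->glDeleteTextures(1, &data->texture);` before `SDL_free(data);` in that branch would close the gap. Because this file is a verbatim upstream backport, the point belongs in an upstream report, not a local edit to the patch. GLES_CreateTexture's body starts and ends outside both inner hunks, so the allocation of `data` and `data->pixels` cannot be checked from here.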