Sophie

Sophie

distrib > Mageia > 8 > x86_64 > by-pkgid > a48407b9ae23d07a9f26b820f1a114a4 > files > 15

SDL_image-1.2.12-14.mga8.src.rpm

Description: fix invalid data read on bpl == -1
 Issue known as TALOS-2019-0821, or CVE-2019-5052.
Author: Sam Lantinga <slouken@libsdl.org>
Origin: upstream, https://hg.libsdl.org/SDL_image/rev/b920be2b3fc6
--- a/IMG_pcx.c	2019-07-23 11:55:37.921487131 -0300
+++ b/IMG_pcx.c	2019-07-23 11:55:46.429453620 -0300
@@ -148,7 +148,7 @@
 		goto done;
 
 	bpl = pcxh.NPlanes * pcxh.BytesPerLine;
-	if (bpl > surface->pitch) {
+	if (bpl < 0 || bpl > surface->pitch) {
 		error = "bytes per line is too large (corrupt?)";
 		goto done;
 	}

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional