pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/graphics/SDL_image
Module Name: pkgsrc
Committed By: nia
Date: Thu May 14 16:08:07 UTC 2020
Modified Files:
pkgsrc/graphics/SDL_image: Makefile distinfo
Added Files:
pkgsrc/graphics/SDL_image/patches: patch-IMG__bmp.c patch-IMG__lbm.c
patch-IMG__pcx.c patch-IMG__xpm.c
Log Message:
SDL_image: Best effort attempt at grabbing fixes from upstream hg
Bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.52 -r1.53 pkgsrc/graphics/SDL_image/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/graphics/SDL_image/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/SDL_image/patches/patch-IMG__bmp.c \
pkgsrc/graphics/SDL_image/patches/patch-IMG__lbm.c \
pkgsrc/graphics/SDL_image/patches/patch-IMG__pcx.c \
pkgsrc/graphics/SDL_image/patches/patch-IMG__xpm.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/graphics/SDL_image/Makefile
diff -u pkgsrc/graphics/SDL_image/Makefile:1.52 pkgsrc/graphics/SDL_image/Makefile:1.53
--- pkgsrc/graphics/SDL_image/Makefile:1.52 Sun Jan 26 17:31:19 2020
+++ pkgsrc/graphics/SDL_image/Makefile Thu May 14 16:08:06 2020
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2020/01/26 17:31:19 rillig Exp $
+# $NetBSD: Makefile,v 1.53 2020/05/14 16:08:06 nia Exp $
DISTNAME= SDL_image-1.2.12
-PKGREVISION= 8
+PKGREVISION= 9
CATEGORIES= graphics devel
MASTER_SITES= http://www.libsdl.org/projects/SDL_image/release/
Index: pkgsrc/graphics/SDL_image/distinfo
diff -u pkgsrc/graphics/SDL_image/distinfo:1.17 pkgsrc/graphics/SDL_image/distinfo:1.18
--- pkgsrc/graphics/SDL_image/distinfo:1.17 Tue Nov 3 21:33:52 2015
+++ pkgsrc/graphics/SDL_image/distinfo Thu May 14 16:08:06 2020
@@ -1,7 +1,11 @@
-$NetBSD: distinfo,v 1.17 2015/11/03 21:33:52 agc Exp $
+$NetBSD: distinfo,v 1.18 2020/05/14 16:08:06 nia Exp $
SHA1 (SDL_image-1.2.12.tar.gz) = 5e3e393d4e366638048bbb10d6a269ea3f4e4cf2
RMD160 (SDL_image-1.2.12.tar.gz) = 206990959c6b225286c0a19bc05b991c6bc2c3e8
SHA512 (SDL_image-1.2.12.tar.gz) = 0e71b280abc2a7f15755e4480a3c1b52d41f9f8b0c9216a6f5bd9fc0e939456fb5d6c10419e1d1904785783f9a1891ead278c03e88b0466fecc6871c3ca40136
Size (SDL_image-1.2.12.tar.gz) = 2231074 bytes
+SHA1 (patch-IMG__bmp.c) = 7c89a5bdcc5d3e5c1c7e2ee635dd063364bb8319
+SHA1 (patch-IMG__lbm.c) = 798ff3bc672894d4676214af97dbf30c3e639ffe
+SHA1 (patch-IMG__pcx.c) = 622c3c369b6830aa6b8093e58427555a16304576
+SHA1 (patch-IMG__xpm.c) = aab5f6949bc56f1087b3ff54eb763dd7a1aa1809
SHA1 (patch-Makefile.in) = e8ae18e00af376676b292dc8419ed0d50c038db3
Added files:
Index: pkgsrc/graphics/SDL_image/patches/patch-IMG__bmp.c
diff -u /dev/null pkgsrc/graphics/SDL_image/patches/patch-IMG__bmp.c:1.1
--- /dev/null Thu May 14 16:08:07 2020
+++ pkgsrc/graphics/SDL_image/patches/patch-IMG__bmp.c Thu May 14 16:08:07 2020
@@ -0,0 +1,92 @@
+$NetBSD: patch-IMG__bmp.c,v 1.1 2020/05/14 16:08:07 nia Exp $
+
+Various sanity fixes from upstream preventing potential
+security problems.
+
+--- IMG_bmp.c.orig 2012-01-21 01:51:33.000000000 +0000
++++ IMG_bmp.c
+@@ -272,6 +272,11 @@ static SDL_Surface *LoadBMP_RW (SDL_RWop
+ biClrUsed = SDL_ReadLE32(src);
+ biClrImportant = SDL_ReadLE32(src);
+ }
++ if (biWidth <= 0 || biHeight == 0) {
++ IMG_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++ was_error = SDL_TRUE;
++ goto done;
++ }
+ if (biHeight < 0) {
+ topDown = SDL_TRUE;
+ biHeight = -biHeight;
+@@ -292,6 +297,15 @@ static SDL_Surface *LoadBMP_RW (SDL_RWop
+ ExpandBMP = biBitCount;
+ biBitCount = 8;
+ break;
++ case 0:
++ case 2:
++ case 3:
++ case 5:
++ case 6:
++ case 7:
++ IMG_SetError("%d-bpp BMP images are not supported", biBitCount);
++ was_error = SDL_TRUE;
++ goto done;
+ default:
+ ExpandBMP = 0;
+ break;
+@@ -444,7 +458,12 @@ static SDL_Surface *LoadBMP_RW (SDL_RWop
+ goto done;
+ }
+ }
+- *(bits+i) = (pixel>>shift);
++ bits[i] = (pixel >> shift);
++ if (bits[i] >= biClrUsed) {
++ IMG_SetError("A BMP image contains a pixel with a color out of the palette");
++ was_error = SDL_TRUE;
++ goto done;
++ }
+ pixel <<= ExpandBMP;
+ } }
+ break;
+@@ -456,6 +475,15 @@ static SDL_Surface *LoadBMP_RW (SDL_RWop
+ was_error = SDL_TRUE;
+ goto done;
+ }
++ if (biBitCount == 8 && palette && biClrUsed < (1 << biBitCount)) {
++ for (i = 0; i < surface->w; ++i) {
++ if (bits[i] >= biClrUsed) {
++ IMG_SetError("A BMP image contains a pixel with a color out of the palette");
++ was_error = SDL_TRUE;
++ goto done;
++ }
++ }
++ }
+ #if SDL_BYTEORDER == SDL_BIG_ENDIAN
+ /* Byte-swap the pixels if needed. Note that the 24bpp
+ case has already been taken care of above. */
+@@ -662,6 +690,14 @@ LoadICOCUR_RW(SDL_RWops * src, int type,
+ goto done;
+ }
+
++ /* sanity check image size, so we don't overflow integers, etc. */
++ if ((biWidth < 0) || (biWidth > 0xFFFFFF) ||
++ (biHeight < 0) || (biHeight > 0xFFFFFF)) {
++ IMG_SetError("Unsupported or invalid ICO dimensions");
++ was_error = SDL_TRUE;
++ goto done;
++ }
++
+ /* Create a RGBA surface */
+ biHeight = biHeight >> 1;
+ //printf("%d x %d\n", biWidth, biHeight);
+@@ -679,6 +715,11 @@ LoadICOCUR_RW(SDL_RWops * src, int type,
+ if (biClrUsed == 0) {
+ biClrUsed = 1 << biBitCount;
+ }
++ if (biClrUsed > (sizeof(palette)/sizeof(palette[0]))) {
++ IMG_SetError("Unsupported or incorrect biClrUsed field");
++ was_error = SDL_TRUE;
++ goto done;
++ }
+ for (i = 0; i < (int) biClrUsed; ++i) {
+ SDL_RWread(src, &palette[i], 4, 1);
+ }
Index: pkgsrc/graphics/SDL_image/patches/patch-IMG__lbm.c
diff -u /dev/null pkgsrc/graphics/SDL_image/patches/patch-IMG__lbm.c:1.1
--- /dev/null Thu May 14 16:08:07 2020
+++ pkgsrc/graphics/SDL_image/patches/patch-IMG__lbm.c Thu May 14 16:08:07 2020
@@ -0,0 +1,97 @@
+$NetBSD: patch-IMG__lbm.c,v 1.1 2020/05/14 16:08:07 nia Exp $
+
+Various sanity fixes from upstream preventing potential
+security problems.
+
+--- IMG_lbm.c.orig 2012-01-21 01:51:33.000000000 +0000
++++ IMG_lbm.c
+@@ -187,7 +187,12 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+
+ if ( !memcmp( id, "CMAP", 4 ) ) /* palette ( Color Map ) */
+ {
+- if ( !SDL_RWread( src, &colormap, size, 1 ) )
++ if (size > sizeof (colormap)) {
++ error="colormap size is too large";
++ goto done;
++ }
++
++ if ( !SDL_RWread( src, colormap, size, 1 ) )
+ {
+ error="error reading CMAP chunk";
+ goto done;
+@@ -242,14 +247,14 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+ /* Allocate memory for a temporary buffer ( used for
+ decompression/deinterleaving ) */
+
+- MiniBuf = (void *)malloc( bytesperline * (nbplanes + stencil) );
++ MiniBuf = (Uint8 *)malloc( bytesperline * (nbplanes + stencil) );
+ if ( MiniBuf == NULL )
+ {
+- error="no enough memory for temporary buffer";
++ error="not enough memory for temporary buffer";
+ goto done;
+ }
+
+- if ( ( Image = SDL_CreateRGBSurface( SDL_SWSURFACE, width, bmhd.h, (bmhd.planes==24 || flagHAM==1)?24:8, 0, 0, 0, 0 ) ) == NULL )
++ if ( ( Image = SDL_CreateRGBSurface( SDL_SWSURFACE, width, bmhd.h, (nbplanes==24 || flagHAM==1)?24:8, 0, 0, 0, 0 ) ) == NULL )
+ goto done;
+
+ if ( bmhd.mask & 2 ) /* There is a transparent color */
+@@ -276,7 +281,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+ /* The 32 last colors are the same but divided by 2 */
+ /* Some Amiga pictures save 64 colors with 32 last wrong colors, */
+ /* they shouldn't !, and here we overwrite these 32 bad colors. */
+- if ( (nbcolors==32 || flagEHB ) && (1<<bmhd.planes)==64 )
++ if ( (nbcolors==32 || flagEHB ) && (1<<nbplanes)==64 )
+ {
+ nbcolors = 64;
+ ptr = &colormap[0];
+@@ -290,8 +295,8 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+
+ /* If nbcolors < 2^nbplanes, repeat the colormap */
+ /* This happens when pictures have a stencil mask */
+- if ( nbrcolorsfinal > (1<<bmhd.planes) ) {
+- nbrcolorsfinal = (1<<bmhd.planes);
++ if ( nbrcolorsfinal > (1<<nbplanes) ) {
++ nbrcolorsfinal = (1<<nbplanes);
+ }
+ for ( i=nbcolors; i < (Uint32)nbrcolorsfinal; i++ )
+ {
+@@ -365,7 +370,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+
+ /* One line has been read, store it ! */
+
+- ptr = Image->pixels;
++ ptr = (Uint8 *)Image->pixels;
+ if ( nbplanes==24 || flagHAM==1 )
+ ptr += h * width * 3;
+ else
+@@ -449,19 +454,15 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+ {
+ finalcolor = pixelcolor;
+ }
+- if ( SDL_BYTEORDER == SDL_LIL_ENDIAN )
+- {
+- *ptr++ = (Uint8)(finalcolor>>16);
+- *ptr++ = (Uint8)(finalcolor>>8);
+- *ptr++ = (Uint8)(finalcolor);
+- }
+- else
+- {
+- *ptr++ = (Uint8)(finalcolor);
+- *ptr++ = (Uint8)(finalcolor>>8);
+- *ptr++ = (Uint8)(finalcolor>>16);
+- }
+-
++#if SDL_BYTEORDER == SDL_LIL_ENDIAN
++ *ptr++ = (Uint8)(finalcolor>>16);
++ *ptr++ = (Uint8)(finalcolor>>8);
++ *ptr++ = (Uint8)(finalcolor);
++#else
++ *ptr++ = (Uint8)(finalcolor);
++ *ptr++ = (Uint8)(finalcolor>>8);
++ *ptr++ = (Uint8)(finalcolor>>16);
++#endif
+ maskBit = maskBit>>1;
+ }
+ }
Index: pkgsrc/graphics/SDL_image/patches/patch-IMG__pcx.c
diff -u /dev/null pkgsrc/graphics/SDL_image/patches/patch-IMG__pcx.c:1.1
--- /dev/null Thu May 14 16:08:07 2020
+++ pkgsrc/graphics/SDL_image/patches/patch-IMG__pcx.c Thu May 14 16:08:07 2020
@@ -0,0 +1,154 @@
+$NetBSD: patch-IMG__pcx.c,v 1.1 2020/05/14 16:08:07 nia Exp $
+
+Various sanity fixes from upstream preventing potential
+security problems.
+
+--- IMG_pcx.c.orig 2012-01-21 01:51:33.000000000 +0000
++++ IMG_pcx.c
+@@ -100,6 +100,8 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *s
+ Uint8 *row, *buf = NULL;
+ char *error = NULL;
+ int bits, src_bits;
++ int count = 0;
++ Uint8 ch;
+
+ if ( !src ) {
+ /* The error message has been set in SDL_RWFromFile */
+@@ -127,37 +129,37 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *s
+ bits = 8;
+ } else if(pcxh.BitsPerPixel == 8 && pcxh.NPlanes == 3) {
+ bits = 24;
+- if ( SDL_BYTEORDER == SDL_LIL_ENDIAN ) {
+- Rmask = 0x000000FF;
+- Gmask = 0x0000FF00;
+- Bmask = 0x00FF0000;
+- } else {
+- Rmask = 0xFF0000;
+- Gmask = 0x00FF00;
+- Bmask = 0x0000FF;
+- }
++#if SDL_BYTEORDER == SDL_LIL_ENDIAN
++ Rmask = 0x000000FF;
++ Gmask = 0x0000FF00;
++ Bmask = 0x00FF0000;
++#else
++ Rmask = 0xFF0000;
++ Gmask = 0x00FF00;
++ Bmask = 0x0000FF;
++#endif
+ } else {
+ error = "unsupported PCX format";
+ goto done;
+ }
+ surface = SDL_AllocSurface(SDL_SWSURFACE, width, height,
+ bits, Rmask, Gmask, Bmask, Amask);
+- if ( surface == NULL )
++ if ( surface == NULL ) {
+ goto done;
++ }
+
+ bpl = pcxh.NPlanes * pcxh.BytesPerLine;
+- if (bpl > surface->pitch) {
+- error = "bytes per line is too large (corrupt?)";
++ buf = (Uint8 *)calloc(bpl, 1);
++ if (!buf) {
++ error = "Out of memory";
++ goto done;
+ }
+- buf = malloc(bpl);
+- row = surface->pixels;
++ row = (Uint8 *)surface->pixels;
+ for ( y=0; y<surface->h; ++y ) {
+ /* decode a scan line to a temporary buffer first */
+- int i, count = 0;
+- Uint8 ch;
+- Uint8 *dst = (src_bits == 8) ? row : buf;
++ int i;
+ if ( pcxh.Encoding == 0 ) {
+- if(!SDL_RWread(src, dst, bpl, 1)) {
++ if(!SDL_RWread(src, buf, bpl, 1)) {
+ error = "file truncated";
+ goto done;
+ }
+@@ -168,46 +170,54 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *s
+ error = "file truncated";
+ goto done;
+ }
+- if( (ch & 0xc0) == 0xc0) {
+- count = ch & 0x3f;
++ if (ch < 0xc0) {
++ count = 1;
++ } else {
++ count = ch - 0xc0;
+ if(!SDL_RWread(src, &ch, 1, 1)) {
+ error = "file truncated";
+ goto done;
+ }
+- } else
+- count = 1;
++ }
+ }
+- dst[i] = ch;
++ buf[i] = ch;
+ count--;
+ }
+ }
+
+ if(src_bits <= 4) {
+ /* expand planes to 1 byte/pixel */
+- Uint8 *src = buf;
++ Uint8 *innerSrc = buf;
+ int plane;
+ for(plane = 0; plane < pcxh.NPlanes; plane++) {
+- int i, j, x = 0;
+- for(i = 0; i < pcxh.BytesPerLine; i++) {
+- Uint8 byte = *src++;
+- for(j = 7; j >= 0; j--) {
+- unsigned bit = (byte >> j) & 1;
++ int j, k, x = 0;
++ for(j = 0; j < pcxh.BytesPerLine; j++) {
++ Uint8 byte = *innerSrc++;
++ for(k = 7; k >= 0; k--) {
++ unsigned bit = (byte >> k) & 1;
+ /* skip padding bits */
+- if (i * 8 + j >= width)
++ if (j * 8 + k >= width)
+ continue;
+ row[x++] |= bit << plane;
+ }
+ }
+ }
++ } else if(src_bits == 8) {
++ /* Copy the row directly */
++ memcpy(row, buf, SDL_min(width, bpl));
+ } else if(src_bits == 24) {
+ /* de-interlace planes */
+- Uint8 *src = buf;
++ Uint8 *innerSrc = buf;
+ int plane;
+ for(plane = 0; plane < pcxh.NPlanes; plane++) {
+ int x;
+- dst = row + plane;
++ Uint8 *dst = row + plane;
+ for(x = 0; x < width; x++) {
+- *dst = *src++;
++ if (dst >= row+surface->pitch) {
++ error = "decoding out of bounds (corrupt?)";
++ goto done;
++ }
++ *dst = *innerSrc++;
+ dst += pcxh.NPlanes;
+ }
+ }
+@@ -227,8 +237,9 @@ SDL_Surface *IMG_LoadPCX_RW(SDL_RWops *s
+ /* look for a 256-colour palette */
+ do {
+ if ( !SDL_RWread(src, &ch, 1, 1)) {
+- error = "file truncated";
+- goto done;
++ /* Couldn't find the palette, try the end of the file */
++ SDL_RWseek(src, -768, RW_SEEK_END);
++ break;
+ }
+ } while ( ch != 12 );
+
Index: pkgsrc/graphics/SDL_image/patches/patch-IMG__xpm.c
diff -u /dev/null pkgsrc/graphics/SDL_image/patches/patch-IMG__xpm.c:1.1
--- /dev/null Thu May 14 16:08:07 2020
+++ pkgsrc/graphics/SDL_image/patches/patch-IMG__xpm.c Thu May 14 16:08:07 2020
@@ -0,0 +1,130 @@
+$NetBSD: patch-IMG__xpm.c,v 1.1 2020/05/14 16:08:07 nia Exp $
+
+Various sanity fixes from upstream preventing potential
+security problems.
+
+--- IMG_xpm.c.orig 2012-01-21 01:51:33.000000000 +0000
++++ IMG_xpm.c
+@@ -106,7 +106,7 @@ static struct color_hash *create_colorha
+
+ /* we know how many entries we need, so we can allocate
+ everything here */
+- hash = malloc(sizeof *hash);
++ hash = (struct color_hash *)calloc(1, sizeof(*hash));
+ if(!hash)
+ return NULL;
+
+@@ -115,15 +115,32 @@ static struct color_hash *create_colorha
+ ;
+ hash->size = s;
+ hash->maxnum = maxnum;
++
+ bytes = hash->size * sizeof(struct hash_entry **);
+- hash->entries = NULL; /* in case malloc fails */
+- hash->table = malloc(bytes);
+- if(!hash->table)
++ /* Check for overflow */
++ if ((bytes / sizeof(struct hash_entry **)) != hash->size) {
++ IMG_SetError("memory allocation overflow");
++ free(hash);
++ return NULL;
++ }
++ hash->table = (struct hash_entry **)calloc(1, bytes);
++ if(!hash->table) {
++ free(hash);
++ return NULL;
++ }
++
++ bytes = maxnum * sizeof(struct hash_entry);
++ /* Check for overflow */
++ if ((bytes / sizeof(struct hash_entry)) != maxnum) {
++ IMG_SetError("memory allocation overflow");
++ free(hash->table);
++ free(hash);
+ return NULL;
+- memset(hash->table, 0, bytes);
+- hash->entries = malloc(maxnum * sizeof(struct hash_entry));
++ }
++ hash->entries = (struct hash_entry *)calloc(1, bytes);
+ if(!hash->entries) {
+ free(hash->table);
++ free(hash);
+ return NULL;
+ }
+ hash->next_free = hash->entries;
+@@ -158,7 +175,7 @@ static Uint32 get_colorhash(struct color
+
+ static void free_colorhash(struct color_hash *hash)
+ {
+- if(hash && hash->table) {
++ if(hash) {
+ free(hash->table);
+ free(hash->entries);
+ free(hash);
+@@ -262,7 +279,7 @@ static char *get_next_line(char ***lines
+ len += 4; /* "\",\n\0" */
+ if(len > buflen){
+ buflen = len;
+- linebufnew = realloc(linebuf, buflen);
++ linebufnew = (char *)realloc(linebuf, buflen);
+ if(!linebufnew) {
+ free(linebuf);
+ error = "Out of memory";
+@@ -282,7 +299,7 @@ static char *get_next_line(char ***lines
+ if(buflen == 0)
+ buflen = 16;
+ buflen *= 2;
+- linebufnew = realloc(linebuf, buflen);
++ linebufnew = (char *)realloc(linebuf, buflen);
+ if(!linebufnew) {
+ free(linebuf);
+ error = "Out of memory";
+@@ -359,7 +376,12 @@ static SDL_Surface *load_xpm(char **xpm,
+ goto done;
+ }
+
+- keystrings = malloc(ncolors * cpp);
++ /* Check for allocation overflow */
++ if ((size_t)(ncolors * cpp)/cpp != ncolors) {
++ error = "Invalid color specification";
++ goto done;
++ }
++ keystrings = (char *)malloc(ncolors * cpp);
+ if(!keystrings) {
+ error = "Out of memory";
+ goto done;
+@@ -426,8 +448,9 @@ static SDL_Surface *load_xpm(char **xpm,
+ c->g = (Uint8)(rgb >> 8);
+ c->b = (Uint8)(rgb);
+ pixel = index;
+- } else
++ } else {
+ pixel = rgb;
++ }
+ add_colorhash(colors, nextkey, cpp, pixel);
+ nextkey += cpp;
+ if(rgb == 0xffffffff)
+@@ -438,9 +461,11 @@ static SDL_Surface *load_xpm(char **xpm,
+
+ /* Read the pixels */
+ pixels_len = w * cpp;
+- dst = image->pixels;
++ dst = (Uint8 *)image->pixels;
+ for(y = 0; y < h; y++) {
+ line = get_next_line(xpmlines, src, pixels_len);
++ if (!line)
++ goto done;
+ if(indexed) {
+ /* optimization for some common cases */
+ if(cpp == 1)
+@@ -489,6 +514,10 @@ SDL_Surface *IMG_LoadXPM_RW(SDL_RWops *s
+
+ SDL_Surface *IMG_ReadXPMFromArray(char **xpm)
+ {
++ if ( !xpm ) {
++ IMG_SetError("array is NULL");
++ return NULL;
++ }
+ return load_xpm(xpm, NULL);
+ }
+
Home |
Main Index |
Thread Index |
Old Index