SECURITY FIX for http://secunia.com/advisories/28640/

Patches were taken from libsdl's svn.
2008-03-31 21:19:17 +00:00 · 2008-03-31 21:19:17 +00:00 · a1d3817782
commit a1d3817782
parent 4a83b71cb3
3 changed files with 45 additions and 2 deletions
--- a/devel/sdl-image/Makefile
+++ b/devel/sdl-image/Makefile
@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.26 2007/10/14 08:22:17 winiger Exp $
+# $OpenBSD: Makefile,v 1.27 2008/03/31 21:19:17 jasper Exp $

 COMMENT=	SDL image library
 DISTNAME=	SDL_image-1.2.4
-PKGNAME=	${DISTNAME:L:S/_/-/}p3
+PKGNAME=	${DISTNAME:L:S/_/-/}p4
 SHARED_LIBS=	SDL_image 2.0
 CATEGORIES=	devel graphics
 MASTER_SITES=	ftp://ftp.fr.freebsd.org/pub/FreeBSD/distfiles/ \
--- a/devel/sdl-image/patches/patch-IMG_gif_c
+++ b/devel/sdl-image/patches/patch-IMG_gif_c
@ -0,0 +1,14 @@
+$OpenBSD: patch-IMG_gif_c,v 1.1 2008/03/31 21:19:17 jasper Exp $
+--- IMG_gif.c.orig	Fri Mar 28 18:36:08 2008
+++ IMG_gif.c	Fri Mar 28 18:36:54 2008
+@@ -406,6 +406,10 @@ LWZReadByte(SDL_RWops *src, int flag, int input_code_s
+     static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
+     register int i;
+ 
+    /* Fixed buffer overflow found by Michael Skladnikiewicz */
+    if (input_code_size > MAX_LWZ_BITS)
+        return -1;
+
+     if (flag) {
+ 	set_code_size = input_code_size;
+ 	code_size = set_code_size + 1;
--- a/devel/sdl-image/patches/patch-IMG_lbm_c
+++ b/devel/sdl-image/patches/patch-IMG_lbm_c
@ -0,0 +1,29 @@
+$OpenBSD: patch-IMG_lbm_c,v 1.1 2008/03/31 21:19:17 jasper Exp $
+--- IMG_lbm.c.orig	Fri Mar 28 18:37:11 2008
+++ IMG_lbm.c	Fri Mar 28 18:39:09 2008
+@@ -30,6 +30,7 @@
+    EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
+    (http://www.multimania.com/mavati) in December 2003.
+    Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
+   Buffer overflow fix in RLE decompression by David Raulo in January 2008.
+ */
+ 
+ #include <stdio.h>
+@@ -321,7 +322,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *src )
+ 						count ^= 0xFF;
+ 						count += 2; /* now it */
+ 
+-						if ( !SDL_RWread( src, &color, 1, 1 ) )
+						if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
+ 						{
+ 						   error="error reading BODY chunk";
+ 							goto done;
+@@ -332,7 +333,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *src )
+ 					{
+ 						++count;
+ 
+-						if ( !SDL_RWread( src, ptr, count, 1 ) )
+						if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
+ 						{
+ 						   error="error reading BODY chunk";
+ 							goto done;