File CVE-2021-33657.patch of Package SDL.23114
From 8c91cf7dba5193f5ce12d06db1336515851c9ee9 Mon Sep 17 00:00:00 2001
From: Sam Lantinga <slouken@libsdl.org>
Date: Tue, 30 Nov 2021 12:36:46 -0800
Subject: [PATCH] Always create a full 256-entry map in case color values are
out of range
Fixes https://github.com/libsdl-org/SDL/issues/5042
Backported by Mike Gorse <mgorse@suse.com>
---
diff -urp SDL-1.2.15.orig/src/video/SDL_pixels.c SDL-1.2.15/src/video/SDL_pixels.c
--- SDL-1.2.15.orig/src/video/SDL_pixels.c 2022-04-04 16:32:20.087032208 -0500
+++ SDL-1.2.15/src/video/SDL_pixels.c 2022-04-04 16:44:41.758947832 -0500
@@ -479,7 +479,7 @@ static Uint8 *Map1to1(SDL_Palette *src,
}
*identical = 0;
}
- map = (Uint8 *)SDL_malloc(src->ncolors);
+ map = (Uint8 *) SDL_calloc(256, sizeof(Uint8));
if ( map == NULL ) {
SDL_OutOfMemory();
return(NULL);
@@ -500,7 +500,7 @@ static Uint8 *Map1toN(SDL_PixelFormat *s
SDL_Palette *pal = src->palette;
bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel);
- map = (Uint8 *)SDL_malloc(pal->ncolors*bpp);
+ map = (Uint8 *) SDL_calloc(256, bpp);
if ( map == NULL ) {
SDL_OutOfMemory();
return(NULL);