VisualC-WinRT/SDL2main-WinRT-NonXAML.nuspec
author Sam Lantinga <slouken@libsdl.org>
Mon, 18 Feb 2019 07:50:33 -0800
changeset 12612 07c39cbbeacf
parent 9942 e82bfd942409
permissions -rw-r--r--
Fixed bug 4500 - Heap-Buffer Overflow in Map1toN pertaining to SDL_pixels.c

Petr Pisar

The reproducer has these data in BITMAPINFOHEADER:

biSize = 40
biBitCount = 8
biClrUsed = 131075

SDL_LoadBMP_RW() function passes biBitCount as a color depth to SDL_CreateRGBSurface(), thus a 256-color palette is allocated. But then biClrUsed colors are read from a file and stored into the palette. SDL_LoadBMP_RW should report an error if biClrUsed is greater than 2^biBitCount.
<?xml version="1.0"?>
<package >
  <metadata>
    <id>SDL2main-WinRT-NonXAML</id>
    <version>2.0.4-Unofficial</version>
    <authors>Sam Lantinga</authors>
    <owners>David Ludwig</owners>
    <licenseUrl>http://libsdl.org/license.php</licenseUrl>
    <projectUrl>http://libsdl.org</projectUrl>
    <requireLicenseAcceptance>false</requireLicenseAcceptance>
    <description>WinMain() function for SDL2 + WinRT + CoreWindow (non-XAML) apps</description>
    <copyright>Copyright 2015</copyright>
    <tags>SDL2 SDL LibSDL OpenGL C C++ nativepackage</tags>
    <dependencies>
      <dependency id="SDL2-WinRT" version="2.0.4"/>
    </dependencies>
  </metadata>
  <files>
    <file src="..\src\main\winrt\SDL_winrt_main_NonXAML.cpp" target="src\main\winrt"/>
    <file src="SDL2main-WinRT-NonXAML.targets" target="build\native"/>
  </files>
</package>
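
The bound the commit message above asks for (biClrUsed must not exceed 2^biBitCount), as an added example that is not SDL's code and not taken from this changeset. The names bmp_palette_entries and make_header are hypothetical, and the header bytes are constructed from the three field values quoted in the message.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Little-endian field readers; BMP headers are stored little-endian. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Hypothetical helper: number of palette entries a loader may read for this
 * BITMAPINFOHEADER, or -1 if the header must be rejected. */
long bmp_palette_entries(const uint8_t *hdr, size_t len) {
    if (hdr == NULL || len < 40 || rd32(hdr) < 40) return -1;
    uint16_t bits = rd16(hdr + 14);      /* biBitCount */
    uint32_t used = rd32(hdr + 32);      /* biClrUsed  */
    if (bits > 8) return 0;              /* not indexed: this sketch reads no palette */
    if (bits != 1 && bits != 4 && bits != 8) return -1;
    uint32_t cap = 1u << bits;           /* 2^biBitCount = allocated palette size */
    if (used == 0) used = cap;           /* 0 means "full palette" in the BMP format */
    if (used > cap) return -1;           /* would write past the allocated palette */
    return (long)used;
}

/* Builds a constructed 40-byte header with only the fields the check reads. */
void make_header(uint8_t out[40], uint16_t bits, uint32_t clr_used) {
    memset(out, 0, 40);
    out[0] = 40;                         /* biSize = 40 */
    out[14] = (uint8_t)bits; out[15] = (uint8_t)(bits >> 8);
    for (int i = 0; i < 4; i++) out[32 + i] = (uint8_t)(clr_used >> (8 * i));
}

int main(void) {
    uint8_t h[40];
    make_header(h, 8, 131075);           /* values from the reproducer */
    printf("reproducer: %ld\n", bmp_palette_entries(h, sizeof h));
    make_header(h, 8, 16);
    printf("16 of 256:  %ld\n", bmp_palette_entries(h, sizeof h));
    return 0;
}
```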