sdl2.pc.in
author Sam Lantinga <slouken@libsdl.org>
Mon, 18 Feb 2019 07:50:33 -0800
changeset 12612 07c39cbbeacf
parent 7876 d6373384b5ce
permissions -rw-r--r--
Fixed bug 4500 - Heap-Buffer Overflow in Map1toN pertaining to SDL_pixels.c

Petr Pisar

The reproducer has these data in BITMAPINFOHEADER:

biSize = 40
biBitCount = 8
biClrUsed = 131075

SDL_LoadBMP_RW() function passes biBitCount as a color depth to SDL_CreateRGBSurface(), thus 256-color pallete is allocated. But then biClrUsed colors are read from a file and stored into the palette. SDL_LoadBMP_RW should report an error if biClrUsed is greater than 2^biBitCount.
     1 # sdl pkg-config source file
     2 
     3 prefix=@prefix@
     4 exec_prefix=@exec_prefix@
     5 libdir=@libdir@
     6 includedir=@includedir@
     7 
     8 Name: sdl2
     9 Description: Simple DirectMedia Layer is a cross-platform multimedia library designed to provide low level access to audio, keyboard, mouse, joystick, 3D hardware via OpenGL, and 2D video framebuffer.
    10 Version: @SDL_VERSION@
    11 Requires:
    12 Conflicts:
    13 Libs: -L${libdir} @SDL_RLD_FLAGS@ @SDL_LIBS@
    14 Libs.private: @SDL_STATIC_LIBS@
    15 Cflags: -I${includedir}/SDL2 @SDL_CFLAGS@