Mon, 10 Jun 2019 08:57:11 -0700 CVE-2019-7572: Fix a buffer overwrite in IMA_ADPCM_decode SDL-1.2
Petr Písař <ppisar@redhat.com> [Mon, 10 Jun 2019 08:57:11 -0700] rev 12818
CVE-2019-7572: Fix a buffer overwrite in IMA_ADPCM_decode
If data chunk was longer than expected based on a WAV format
definition, IMA_ADPCM_decode() tried to write past the output
buffer. This patch fixes it.

Based on patch from
<https://bugzilla.libsdl.org/show_bug.cgi?id=4496>.

CVE-2019-7572
https://bugzilla.libsdl.org/show_bug.cgi?id=4495

Signed-off-by: Petr Písař <ppisar@redhat.com>

Mon, 10 Jun 2019 08:54:29 -0700 CVE-2019-7577: Fix a buffer overread in MS_ADPCM_nibble and MS_ADPCM_decode SDL-1.2
Petr Písař <ppisar@redhat.com> [Mon, 10 Jun 2019 08:54:29 -0700] rev 12817
CVE-2019-7577: Fix a buffer overread in MS_ADPCM_nibble and MS_ADPCM_decode
If a chunk of RIFF/WAV file with MS ADPCM encoding contains an invalid
predictor (a valid predictor's value is between 0 and 6 inclusive),
a buffer overread can happen when the predictor is used as an index
into an array of MS ADPCM coefficients.

The overread happens when indexing MS_ADPCM_state.aCoeff[] array in
MS_ADPCM_decode() and later when dereferencing a coef pointer in
MS_ADPCM_nibble().

This patch fixes it by checking the MS ADPCM predictor values fit
into the valid range.

CVE-2019-7577
Reproducer: https://bugzilla.libsdl.org/show_bug.cgi?id=4492

Signed-off-by: Petr Písař <ppisar@redhat.com>

Mon, 10 Jun 2019 08:54:11 -0700 CVE-2019-7577: Fix a buffer overread in MS_ADPCM_decode SDL-1.2
Petr Písař <ppisar@redhat.com> [Mon, 10 Jun 2019 08:54:11 -0700] rev 12816
CVE-2019-7577: Fix a buffer overread in MS_ADPCM_decode
If RIFF/WAV data chunk length is shorter than expected for an audio
format defined in preceding RIFF/WAV format headers, a buffer
overread can happen.

This patch fixes it by checking that the MS ADPCM data to be decoded are not
past the initialized buffer.

CVE-2019-7577
Reproducer: https://bugzilla.libsdl.org/show_bug.cgi?id=4492

Signed-off-by: Petr Písař <ppisar@redhat.com>
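
The two CVE-2019-7577 checks described in the commit messages above (data length and predictor range), shown as an added C example that is not SDL's code. The struct, the function names and the mono-only header handling are assumptions for illustration, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define NUM_COEF 7        /* valid predictor values are 0..6 */
#define MONO_HEADER_LEN 7 /* predictor(1) + delta(2) + samp1(2) + samp2(2) */

/* Standard MS ADPCM coefficient pairs; a real file carries them in its fmt chunk. */
static const int16_t coef_table[NUM_COEF][2] = {
    {256, 0}, {512, -256}, {0, 0}, {192, 64}, {240, 0}, {460, -208}, {392, -232}
};

struct block_state { /* hypothetical; not SDL's MS_ADPCM_state */
    const int16_t *coef;
    uint16_t delta;
    int16_t samp1, samp2;
};

enum { PARSE_OK = 0, ERR_TRUNCATED = -1, ERR_PREDICTOR = -2 };

static int16_t rd16(const uint8_t *p) /* little-endian 16-bit read */
{
    return (int16_t)(uint16_t)(p[0] | (p[1] << 8));
}

/* Parse one mono block header; both checks run before any read or table index. */
static int parse_block_header(const uint8_t *buf, size_t len, struct block_state *st)
{
    if (len < MONO_HEADER_LEN)
        return ERR_TRUNCATED; /* chunk shorter than the format implies */
    if (buf[0] >= NUM_COEF)
        return ERR_PREDICTOR; /* would index past coef_table */
    st->coef = coef_table[buf[0]];
    st->delta = (uint16_t)rd16(buf + 1);
    st->samp1 = rd16(buf + 3);
    st->samp2 = rd16(buf + 5);
    return PARSE_OK;
}

/* Linear prediction from the two previous samples, using the selected pair. */
static int32_t predict(const struct block_state *st)
{
    return ((int32_t)st->samp1 * st->coef[0] + (int32_t)st->samp2 * st->coef[1]) / 256;
}

int main(void)
{
    const uint8_t hdr[7] = {9, 0x10, 0, 0x64, 0, 0x32, 0}; /* constructed: predictor 9 */
    struct block_state st;
    return parse_block_header(hdr, sizeof hdr, &st) == ERR_PREDICTOR ? 0 : 1;
}
```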

Mon, 10 Jun 2019 08:50:59 -0700 CVE-2019-7574: Fix a buffer overread in IMA_ADPCM_decode SDL-1.2
Petr Písař <ppisar@redhat.com> [Mon, 10 Jun 2019 08:50:59 -0700] rev 12815
CVE-2019-7574: Fix a buffer overread in IMA_ADPCM_decode
If data chunk was shorter than expected based on a WAV format
definition, IMA_ADPCM_decode() tried to read past the data chunk
buffer. This patch fixes it.

CVE-2019-7574
https://bugzilla.libsdl.org/show_bug.cgi?id=4496

Signed-off-by: Petr Písař <ppisar@redhat.com>

Mon, 10 Jun 2019 08:49:26 -0700 Fixed bug 4662 - SDL failed to build due to error LNK2019: unresolved external symbol _memset referenced in function _IMA_ADPCM_Decode with MSVC on Windows
Sam Lantinga <slouken@libsdl.org> [Mon, 10 Jun 2019 08:49:26 -0700] rev 12814
Fixed bug 4662 - SDL failed to build due to error LNK2019: unresolved external symbol _memset referenced in function _IMA_ADPCM_Decode with MSVC on Windows

LinGao

We build SDL with the Visual Studio 2017 compiler on Windows Server 2016, but it failed to build due to error LNK2019: unresolved external symbol _memset referenced in function _IMA_ADPCM_Decode on the latest default branch. And we found that it can first be reproduced on the a39d8cdf50f4 changeset. Could you please help take a look at this issue? Thanks in advance!

Mon, 10 Jun 2019 08:46:20 -0700 Fixed bug 4641 - clang and clang-cl builds on windows create -Wpragma-pack warnings
Sam Lantinga <slouken@libsdl.org> [Mon, 10 Jun 2019 08:46:20 -0700] rev 12813
Fixed bug 4641 - clang and clang-cl builds on windows create -Wpragma-pack warnings

Sun, 09 Jun 2019 19:27:25 -0400 cocoa: report proper input IDs for mouse/touch events.
Ryan C. Gordon <icculus@icculus.org> [Sun, 09 Jun 2019 19:27:25 -0400] rev 12812
cocoa: report proper input IDs for mouse/touch events.

Otherwise, we generate incorrect mouse events for MacBook trackpads (which
are also multitouch devices), etc.

Partially fixes Bugzilla #4576.

Sun, 09 Jun 2019 14:08:18 -0700 Fixed bug 4658 - iOS 12 fullscreen flag and SDL_HINT_IOS_HIDE_HOME_INDICATOR not working
Sam Lantinga <slouken@libsdl.org> [Sun, 09 Jun 2019 14:08:18 -0700] rev 12811
Fixed bug 4658 - iOS 12 fullscreen flag and SDL_HINT_IOS_HIDE_HOME_INDICATOR not working

Caleb Cornett

On iOS 12, creating a window with the SDL_WINDOW_FULLSCREEN flag does not dim the home indicator or defer system gestures. The same goes for setting the SDL_HINT_IOS_HIDE_HOME_INDICATOR to "2" -- it has no effect at all.

I've tracked down the source of this misbehavior to a timing issue. The initial `setNeedsUpdate...` calls were happening too early and getting applied to the launch screen by mistake. In the attached patch, I've added a call to those functions right after the launch screen is hidden so that they apply to the main view controller instead. This appears to fix the issue, at least on my iPhone 6s Plus.

Sun, 09 Jun 2019 11:54:51 -0400 Add notes for SDL_WinRTRunApp and SDL2-WinRTResources for non-C++ projects
Ethan Lee <flibitijibibo@flibitijibibo.com> [Sun, 09 Jun 2019 11:54:51 -0400] rev 12810
Add notes for SDL_WinRTRunApp and SDL2-WinRTResources for non-C++ projects

Sun, 09 Jun 2019 12:46:10 -0700 Cleanup on bug 3894 - Fuzzing crashes for SDL_LoadWAV
Sam Lantinga <slouken@libsdl.org> [Sun, 09 Jun 2019 12:46:10 -0700] rev 12809
Cleanup on bug 3894 - Fuzzing crashes for SDL_LoadWAV

Simon Hug

Attached is a minor cleanup patch. It changes the option name of one hint to something better, puts one or two more checks in, and adds explicit casting where warnings could appear otherwise.

I hope the naming of the hints and their options is acceptable. It would be kind of awkward to change them after they get released with an official SDL version.