Mon, 10 Jun 2019 21:58:03 +0200Android: add MinimizeWindow function (Bug 4580, 4657)
Sylvain Becker [Mon, 10 Jun 2019 21:58:03 +0200] rev 12823
Android: add MinimizeWindow function (Bug 4580, 4657)
shouldMinimizeOnFocusLoss is un-activated (return false)

Mon, 10 Jun 2019 21:41:22 +0200Android: fix typo calling onBackPressed() (Bug 4657)
Sylvain Becker [Mon, 10 Jun 2019 21:41:22 +0200] rev 12822
Android: fix typo calling onBackPressed() (Bug 4657)

Mon, 10 Jun 2019 09:25:05 -0700CVE-2019-7575: Fix a buffer overwrite in MS_ADPCM_decode SDL-1.2
Petr Písař [Mon, 10 Jun 2019 09:25:05 -0700] rev 12821
CVE-2019-7575: Fix a buffer overwrite in MS_ADPCM_decode
If a WAV format defines shorter audio stream and decoded MS ADPCM data chunk
is longer, decoding continued past the output audio buffer.

This fix is based on a patch from
<https://bugzilla.libsdl.org/show_bug.cgi?id=4492>.

https://bugzilla.libsdl.org/show_bug.cgi?id=4493
CVE-2019-7575

Signed-off-by: Petr Písař <ppisar@redhat.com>

Sun, 17 Mar 2019 23:47:12 +0100Add mapping for Chinese-made Xbox Controller
Benjamin Valentin [Sun, 17 Mar 2019 23:47:12 +0100] rev 12820
Add mapping for Chinese-made Xbox Controller

This device is a copy of the Xbox Controller S and currently the one most sold
when shopping for a 'new' Xbox gamepad on eBay and AliExpress.
Except for the quirky USB ID id behaves just like a normal Xbox controller (when
ignoring the subpar build quality)

Mon, 10 Jun 2019 09:06:23 -0700CVE-2019-7573, CVE-2019-7576: Fix buffer overreads in InitMS_ADPCM SDL-1.2
Petr Písař [Mon, 10 Jun 2019 09:06:23 -0700] rev 12819
CVE-2019-7573, CVE-2019-7576: Fix buffer overreads in InitMS_ADPCM
If MS ADPCM format chunk was too short, InitMS_ADPCM() parsing it
could read past the end of chunk data. This patch fixes it.

CVE-2019-7573
https://bugzilla.libsdl.org/show_bug.cgi?id=4491
CVE-2019-7576
https://bugzilla.libsdl.org/show_bug.cgi?id=4490

Signed-off-by: Petr Písař <ppisar@redhat.com>

Mon, 10 Jun 2019 08:57:11 -0700CVE-2019-7572: Fix a buffer overwrite in IMA_ADPCM_decode SDL-1.2
Petr Písař [Mon, 10 Jun 2019 08:57:11 -0700] rev 12818
CVE-2019-7572: Fix a buffer overwrite in IMA_ADPCM_decode
If data chunk was longer than expected based on a WAV format
definition, IMA_ADPCM_decode() tried to write past the output
buffer. This patch fixes it.

Based on patch from
<https://bugzilla.libsdl.org/show_bug.cgi?id=4496>.

CVE-2019-7572
https://bugzilla.libsdl.org/show_bug.cgi?id=4495

Signed-off-by: Petr Písař <ppisar@redhat.com>

Mon, 10 Jun 2019 08:54:29 -0700CVE-2019-7577: Fix a buffer overread in MS_ADPCM_nibble and MS_ADPCM_decode SDL-1.2
Petr Písař [Mon, 10 Jun 2019 08:54:29 -0700] rev 12817
CVE-2019-7577: Fix a buffer overread in MS_ADPCM_nibble and MS_ADPCM_decode
If a chunk of RIFF/WAV file with MS ADPCM encoding contains an invalid
predictor (a valid predictor's value is between 0 and 6 inclusive),
a buffer overread can happen when the predictor is used as an index
into an array of MS ADPCM coefficients.

The overead happens when indexing MS_ADPCM_state.aCoeff[] array in
MS_ADPCM_decode() and later when dereferencing a coef pointer in
MS_ADPCM_nibble().

This patch fixes it by checking the MS ADPCM predictor values fit
into the valid range.

CVE-2019-7577
Reproducer: https://bugzilla.libsdl.org/show_bug.cgi?id=4492

Signed-off-by: Petr Písař <ppisar@redhat.com>

Mon, 10 Jun 2019 08:54:11 -0700CVE-2019-7577: Fix a buffer overread in MS_ADPCM_decode SDL-1.2
Petr Písař [Mon, 10 Jun 2019 08:54:11 -0700] rev 12816
CVE-2019-7577: Fix a buffer overread in MS_ADPCM_decode
If RIFF/WAV data chunk length is shorter then expected for an audio
format defined in preceeding RIFF/WAV format headers, a buffer
overread can happen.

This patch fixes it by checking a MS ADPCM data to be decoded are not
past the initialized buffer.

CVE-2019-7577
Reproducer: https://bugzilla.libsdl.org/show_bug.cgi?id=4492

Signed-off-by: Petr Písař <ppisar@redhat.com>

Mon, 10 Jun 2019 08:50:59 -0700CVE-2019-7574: Fix a buffer overread in IMA_ADPCM_decode SDL-1.2
Petr Písař [Mon, 10 Jun 2019 08:50:59 -0700] rev 12815
CVE-2019-7574: Fix a buffer overread in IMA_ADPCM_decode
If data chunk was shorter than expected based on a WAV format
definition, IMA_ADPCM_decode() tried to read past the data chunk
buffer. This patch fixes it.

CVE-2019-7574
https://bugzilla.libsdl.org/show_bug.cgi?id=4496

Signed-off-by: Petr Písař <ppisar@redhat.com>

Mon, 10 Jun 2019 08:49:26 -0700Fixed bug 4662 - SDL failed to build due to error LNK2019: unresolved external symbol _memset referenced in function _IMA_ADPCM_Decode with MSVC on Windows
Sam Lantinga [Mon, 10 Jun 2019 08:49:26 -0700] rev 12814
Fixed bug 4662 - SDL failed to build due to error LNK2019: unresolved external symbol _memset referenced in function _IMA_ADPCM_Decode with MSVC on Windows

LinGao

We build SDL with Visual studio 2017 compiler on Windows Server 2016, but it failed to build due to error LNK2019: unresolved external symbol _memset referenced in function _IMA_ADPCM_Decode on latest default branch. And we found that it can be first reproduced on a39d8cdf50f4 changeset. Could you please help have a look about this issue? Thanks in advance!