Mon, 10 Jun 2019 13:07:58 -0700Fixed TALOS-2019-0841, heap buffer overlow exploit
Sam Lantinga <slouken@libsdl.org> [Mon, 10 Jun 2019 13:07:58 -0700] rev 642
Fixed TALOS-2019-0841, heap buffer overlow exploit
Also fixed loading some images with incorrect palette location

Fri, 12 Apr 2019 16:29:43 -0400Rewrite IMG_WIC.c to work as a C file, use original IWICImagingFactory API
Ethan Lee <flibitijibibo@flibitijibibo.com> [Fri, 12 Apr 2019 16:29:43 -0400] rev 641
Rewrite IMG_WIC.c to work as a C file, use original IWICImagingFactory API

Sat, 16 Mar 2019 18:57:27 -0700Fixed bug 4516 - [PATCH] more accuracy with macro SAVE_PNG and PNG_SETJMP_SUPPORTED
Sam Lantinga <slouken@libsdl.org> [Sat, 16 Mar 2019 18:57:27 -0700] rev 640
Fixed bug 4516 - [PATCH] more accuracy with macro SAVE_PNG and PNG_SETJMP_SUPPORTED

Dmitry Gapkalov

provide possibility to compile SDL_image without SAVE_PNG and PNG_SETJMP_SUPPORTED

Sat, 16 Mar 2019 18:34:22 -0700Fixed CVE-2019-7635 and bug 4498 - Heap-Buffer Overflow in Blit1to4 pertaining to SDL_blit_1.c
Sam Lantinga <slouken@libsdl.org> [Sat, 16 Mar 2019 18:34:22 -0700] rev 639
Fixed CVE-2019-7635 and bug 4498 - Heap-Buffer Overflow in Blit1to4 pertaining to SDL_blit_1.c

Petr Pisar

The root cause is that the POC BMP file declares 3 colors used and 4 bpp palette, but pixel at line 28 and column 1 (counted from 0) has color number 3. Then when the image loaded into a surface is passed to SDL_DisplayFormat(), in order to convert it to a video format, a used bliting function looks up a color number 3 in a 3-element long color bliting map. (The map obviously has the same number entries as the surface format has colors.)

Proper fix should refuse broken BMP images that have a pixel with a color index higher than declared number of "used" colors. Possibly more advanced fix could try to relocate the out-of-range color index into a vacant index (if such exists).

Fri, 04 Jan 2019 22:02:01 -0800Updated copyright for 2019
Sam Lantinga <slouken@libsdl.org> [Fri, 04 Jan 2019 22:02:01 -0800] rev 638
Updated copyright for 2019

Mon, 24 Dec 2018 10:00:02 +0300IMG_xcf.c: fix build breakage.
Ozkan Sezer <sezeroz@gmail.com> [Mon, 24 Dec 2018 10:00:02 +0300] rev 637
IMG_xcf.c: fix build breakage.

Thu, 06 Dec 2018 13:57:45 +0100only load 1st level in XCF files SDL-1.2
Thomas Bernard <miniupnp@free.fr> [Thu, 06 Dec 2018 13:57:45 +0100] rev 636
only load 1st level in XCF files

Does just like GIMP !

see https://gitlab.gnome.org/GNOME/gimp/issues/2604

Thu, 06 Dec 2018 13:44:10 +0100Support XCG files v11+ with 64bits offsets SDL-1.2
Thomas Bernard <miniupnp@free.fr> [Thu, 06 Dec 2018 13:44:10 +0100] rev 635
Support XCG files v11+ with 64bits offsets

Fri, 30 Nov 2018 11:04:15 +0100IMG_xcf.c: Avoid infinite loop in read_xcf_header() SDL-1.2
Thomas Bernard <miniupnp@free.fr> [Fri, 30 Nov 2018 11:04:15 +0100] rev 634
IMG_xcf.c: Avoid infinite loop in read_xcf_header()

Thu, 06 Dec 2018 14:19:10 +0100only load 1st level in XCF files
Thomas Bernard <miniupnp@free.fr> [Thu, 06 Dec 2018 14:19:10 +0100] rev 633
only load 1st level in XCF files

Does just like GIMP !
see https://gitlab.gnome.org/GNOME/gimp/issues/2604