| Summary: | Loading an image through SDL_image's showimage can lead to overflow in SDL_UpperBlit | | |
|---|---|---|---|
| Product: | SDL_image | Reporter: | janisozaur <janisozaur+libsdl> |
| Component: | misc | Assignee: | Sam Lantinga <slouken> |
| Status: | RESOLVED FIXED | QA Contact: | Sam Lantinga <slouken> |
| Severity: | normal | | |
| Priority: | P2 | CC: | janisozaur+libsdl |
| Version: | 2.0.4 | Keywords: | target-2.0.10 |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Attachments: | overflow-detect.diff, overflow.xcf | | |
Created attachment 3331: overflow-detect.diff

Trying to load an image with SDL can cause signed integer overflow (aka undefined behaviour) in SDL_UpperBlit. Attached are:

* snippet highlighting the issue
* XCF file that triggers both added checks

Created attachment 3332: overflow.xcf

It appears some of the affected values are not getting clipped to what's viewable, but I don't know the code enough to say what it should do instead of the current version.

Tagging a bunch of bugs with "target-2.0.10" so we have a clear list of things to address before a 2.0.10 release. Please note that "addressing" one of these bugs might mean deciding to defer on it until after 2.0.10, or resolving it as WONTFIX, etc. This is just here to tell us we should look at it carefully, and soon. If you have new information or feedback on this issue, this is a good time to add it to the conversation, as we're likely to be paying attention to this specific report in the next few days/weeks. Thanks! --ryan.

SDL_image will no longer load this image, due to it being malformed.