2 files changed, 29 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2022-34568.patch b/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2022-34568.patch
new file mode 100644
index 0000000000..7561300cb3
--- /dev/null
+++ b/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2022-34568.patch
@@ -0,0 +1,28 @@
+CVE: CVE-2022-34568
+Upstream-Status: Backport [https://github.com/libsdl-org/SDL-1.2/commit/d7e00208738a0bc6af302723fe64908ac35b777b ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+From d7e00208738a0bc6af302723fe64908ac35b777b Mon Sep 17 00:00:00 2001
+From: Ozkan Sezer <sezeroz@gmail.com>
+Date: Sat, 18 Jun 2022 14:55:00 +0300
+Subject: [PATCH] SDL_x11yuv.c: fix possible use-after-free
+Fixes: https://github.com/libsdl-org/SDL-1.2/issues/863
+---
+ src/video/x11/SDL_x11yuv.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/video/x11/SDL_x11yuv.c b/src/video/x11/SDL_x11yuv.c
+index 62698dfd9..0d5754e3e 100644
+--- a/src/video/x11/SDL_x11yuv.c
+++ b/src/video/x11/SDL_x11yuv.c
+@@ -374,8 +374,8 @@ SDL_Overlay *X11_CreateYUVOverlay(_THIS, int width, int height, Uint32 format, S
+ #ifdef PITCH_WORKAROUND
+                if ( hwdata->image != NULL && hwdata->image->pitches[0] != (width*bpp) ) {
+                        /* Ajust overlay width according to pitch */ 
+-                       XFree(hwdata->image);
+                        width = hwdata->image->pitches[0] / bpp;
+                       XFree(hwdata->image);
+                        hwdata->image = SDL_NAME(XvCreateImage)(GFX_Display, xv_port, format,
+                                                                0, width, height);
+                }
diff --git a/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb b/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
index 814e6cd0dd..a817d3834a 100644
--- a/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
+++ b/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
@@ -26,6 +26,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL-${PV}.tar.gz \
           file://CVE-2019-7638.patch \
           file://CVE-2019-7576.patch \
           file://CVE-2019-13616.patch \
+           file://CVE-2022-34568.patch \
          "
 UPSTREAM_CHECK_REGEX = "SDL-(?P<pver>\d+(\.\d+)+)\.tar"

diff --git a/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2022-34568.patch b/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2022-34568.patch new file mode 100644 index 0000000000..7561300cb3 --- /dev/null +++ b/meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2022-34568.patch
@@ -0,0 +1,28 @@
		1	CVE: CVE-2022-34568
		2	Upstream-Status: Backport [https://github.com/libsdl-org/SDL-1.2/commit/d7e00208738a0bc6af302723fe64908ac35b777b ]
		3	Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
		4
		5	From d7e00208738a0bc6af302723fe64908ac35b777b Mon Sep 17 00:00:00 2001
		6	From: Ozkan Sezer <sezeroz@gmail.com>
		7	Date: Sat, 18 Jun 2022 14:55:00 +0300
		8	Subject: [PATCH] SDL_x11yuv.c: fix possible use-after-free
		9
		10	Fixes: https://github.com/libsdl-org/SDL-1.2/issues/863
		11	---
		12	src/video/x11/SDL_x11yuv.c \| 2 +-
		13	1 file changed, 1 insertion(+), 1 deletion(-)
		14
		15	diff --git a/src/video/x11/SDL_x11yuv.c b/src/video/x11/SDL_x11yuv.c
		16	index 62698dfd9..0d5754e3e 100644
		17	--- a/src/video/x11/SDL_x11yuv.c
		18	+++ b/src/video/x11/SDL_x11yuv.c
		19	@@ -374,8 +374,8 @@ SDL_Overlay *X11_CreateYUVOverlay(_THIS, int width, int height, Uint32 format, S
		20	#ifdef PITCH_WORKAROUND
		21	if ( hwdata->image != NULL && hwdata->image->pitches[0] != (width*bpp) ) {
		22	/* Ajust overlay width according to pitch */
		23	- XFree(hwdata->image);
		24	width = hwdata->image->pitches[0] / bpp;
		25	+ XFree(hwdata->image);
		26	hwdata->image = SDL_NAME(XvCreateImage)(GFX_Display, xv_port, format,
		27	0, width, height);
		28	}


diff --git a/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb b/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb index 814e6cd0dd..a817d3834a 100644 --- a/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb +++ b/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb
@@ -26,6 +26,7 @@ SRC_URI = "http://www.libsdl.org/release/SDL-${PV}.tar.gz \
26	file://CVE-2019-7638.patch \	26	file://CVE-2019-7638.patch \
27	file://CVE-2019-7576.patch \	27	file://CVE-2019-7576.patch \
28	file://CVE-2019-13616.patch \	28	file://CVE-2019-13616.patch \
		29	file://CVE-2022-34568.patch \
29	"	30	"
30		31
31	UPSTREAM_CHECK_REGEX = "SDL-(?P<pver>\d+(\.\d+)+)\.tar"	32	UPSTREAM_CHECK_REGEX = "SDL-(?P<pver>\d+(\.\d+)+)\.tar"