Fixed bug 3890 - Incomplete fix for CVE-2017-2888
Felix Geyer

http://hg.libsdl.org/SDL/rev/a31ee4d64ff6 tries to fix CVE-2017-2888.
Unfortunately compilers may optimize the second condition "(size / surface->pitch) != surface->h" away.
See https://bugzilla.redhat.com/show_bug.cgi?id=1500623#c2
I've verified that this is also the case on Debian unstable (gcc 7.2).
Showing with 8 additions and 3 deletions.
- +8 −3 src/video/SDL_surface.c
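
The commit message's point, as an added example (this is not SDL code and not the change made in this commit; the function names are hypothetical and a 32-bit `int` is assumed): a division test placed after a signed multiplication relies on undefined behaviour, while a test done before the multiplication, or in a wider type, does not.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Fragile form, same shape as the condition quoted in the commit message:
 * the product is computed in signed int first. Signed overflow is undefined
 * behaviour in C, so the compiler may assume it never happens and remove
 * the division test entirely. */
int alloc_size_fragile(int h, int pitch, int *out)
{
    int size = h * pitch;                  /* UB when the product overflows */
    if (size < 0 || (size / pitch) != h)   /* may be optimized away */
        return -1;
    *out = size;
    return 0;
}

/* Robust form 1: test before multiplying, so no overflow ever occurs. */
int alloc_size_precheck(int h, int pitch, int *out)
{
    if (h < 0 || pitch <= 0 || h > INT_MAX / pitch)
        return -1;
    *out = h * pitch;
    return 0;
}

/* Robust form 2: multiply in a 64-bit type, then range-check the result. */
int alloc_size_wide(int h, int pitch, int *out)
{
    int64_t size = (int64_t)h * pitch;
    if (h < 0 || pitch <= 0 || size > INT_MAX)
        return -1;
    *out = (int)size;
    return 0;
}

int main(void)
{
    int out = 0;
    /* Constructed inputs: 65536 * 65536 = 2^32 does not fit in a 32-bit int. */
    printf("precheck: %d\n", alloc_size_precheck(65536, 65536, &out));
    printf("wide:     %d\n", alloc_size_wide(65536, 65536, &out));
    /* The fragile form is only called with an in-range product here. */
    printf("fragile:  %d\n", alloc_size_fragile(480, 2560, &out));
    return 0;
}
```

Comparing the generated assembly of `alloc_size_fragile` at `-O0` and `-O2` shows whether a given compiler keeps the division test.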