Headline
CVE-2022-34568: A USE AFTER FREE BUG · Issue #863 · libsdl-org/SDL-1.2
SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c.
The fix would simply be moving XFree() a line below: @icculus, @slouken?
diff --git a/src/video/x11/SDL_x11yuv.c b/src/video/x11/SDL_x11yuv.c index 62698df…0d5754e 100644 — a/src/video/x11/SDL_x11yuv.c +++ b/src/video/x11/SDL_x11yuv.c @@ -374,8 +374,8 @@ SDL_Overlay *X11_CreateYUVOverlay(_THIS, int width, int height, Uint32 format, S #ifdef PITCH_WORKAROUND if ( hwdata->image != NULL && hwdata->image->pitches[0] != (width*bpp) ) { /* Ajust overlay width according to pitch */ - XFree(hwdata->image); width = hwdata->image->pitches[0] / bpp;
XFree(hwdata->image); hwdata->image = SDL\_NAME(XvCreateImage)(GFX\_Display, xv\_port, format, 0, width, height); }
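Review bot: The reordering is the right fix for this hunk, because `width = hwdata->image->pitches[0] / bpp;` now reads the pitch before `XFree(hwdata->image);` releases the image instead of after it, which is the use-after-free the issue describes. Two smaller points in the same region: the return of `SDL_NAME(XvCreateImage)(...)` on the following line is not checked for NULL anywhere in the visible context, so callers must tolerate `hwdata->image == NULL` after a failed recreation; and the unchanged comment `/* Ajust overlay width according to pitch */` should read "Adjust".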
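To make the ordering bug concrete, here is an added stand-alone C example (not SDL code and not from this issue) that mirrors the PITCH_WORKAROUND logic with a constructed stand-in for XvImage and XvCreateImage: the free-then-read order from the `-` side beside the read-then-free order from the `+` side. The 16-byte row padding, the `FakeXvImage` type, and the NULL check on the recreated image are assumptions of this example, not part of the upstream fix.

```c
#include <assert.h>
#include <stdlib.h>

/* Constructed stand-in for the X11 XvImage: only the field the bug touches. */
typedef struct { int pitches[1]; int width, height; } FakeXvImage;

/* Constructed stand-in for XvCreateImage: rows are padded to 16 bytes, so
 * pitches[0] can exceed width*bpp, which is what PITCH_WORKAROUND corrects. */
static FakeXvImage *fake_create_image(int width, int height, int bpp) {
    FakeXvImage *img = malloc(sizeof *img);
    if (!img) return NULL;
    img->width = width; img->height = height;
    img->pitches[0] = (width * bpp + 15) & ~15;
    return img;
}

/* Buggy order, as on the '-' side of the hunk: the image is freed and then
 * its pitch is read through the dangling pointer. Shown for comparison only. */
int adjust_width_buggy(FakeXvImage **image, int height, int bpp) {
    free(*image);                              /* XFree(hwdata->image) */
    int width = (*image)->pitches[0] / bpp;    /* read after free */
    *image = fake_create_image(width, height, bpp);
    return width;
}

/* Fixed order, as on the '+' side: read the pitch while the image is live,
 * then free it, then recreate it at the adjusted width. The NULL check on the
 * recreated image is added here and is not part of the upstream fix. */
int adjust_width_fixed(FakeXvImage **image, int height, int bpp) {
    int width = (*image)->pitches[0] / bpp;
    free(*image);
    *image = fake_create_image(width, height, bpp);
    return *image ? width : -1;
}

/* Drives the fixed path once and returns the width that matches the pitch. */
int demo_fixed_width(int width, int height, int bpp) {
    FakeXvImage *img = fake_create_image(width, height, bpp);
    if (!img) return -1;
    if (img->pitches[0] != width * bpp)
        width = adjust_width_fixed(&img, height, bpp);
    free(img);
    return width;
}

int main(void) {
    assert(demo_fixed_width(101, 100, 2) == 104); /* pitch 208 / bpp 2 */
    return 0;
}
```

Building with AddressSanitizer and calling `adjust_width_buggy` instead of `adjust_width_fixed` reports the heap-use-after-free at the `pitches[0]` read, which is how this class of bug is typically confirmed.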
Related news
Gentoo Linux Security Advisory 202305-17 - Multiple vulnerabilities have been found in libsdl, the worst of which could result in arbitrary code execution. Versions less than 1.2.15_p20221201 are affected.
Ubuntu Security Notice 5586-1 - It was discovered that SDL incorrectly handled memory. An attacker could potentially use this issue to cause a denial of service or other unexpected behavior.