Bug 1134135 – SDL_GetWindowSurface returns NULL pointer

Bug 1134135 - SDL_GetWindowSurface returns NULL pointer


Summary:	SDL_GetWindowSurface returns NULL pointer

Status:	RESOLVED FIXED
Duplicates:	1137386 (view as bug list)

Classification:	openSUSE
Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Other
Version:	Current
Hardware:	x86-64 Linux

Priority:	P2 - High Severity: Major (vote)
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-05-05 15:29 UTC by Artur Łącki
Modified:	2019-06-27 10:31 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Community User
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Artur Łącki 2019-05-05 15:29:55 UTC

After last update of libSDL2-2_0-0 to version 2.0.8-lp150.2.3.1 function SDL_GetWindowSurface returns NULL pointer. You can reproduce problem with this example from SDL2 documentation: https://wiki.libsdl.org/SDL_GetWindowSurface (just add assert after "screen" initialization).

I think that probably source of this bug is incorrect patch of another bug: 1124825 ( https://build.opensuse.org/package/view_file/openSUSE:Leap:15.0:Update/SDL2/CVE-2019-7637.patch?expand=1 ).

     surface->pitch = SDL_CalculatePitch(format, width);
+    if (!surface->pitch)
+    {
+        return NULL;
+    }
     SDL_SetClipRect(surface, NULL);

SDL_CalculatePitch returns 0 because passed width is equal to 0 (this is hardcoded in SDL_CreateRGBSurfaceFrom).

Comment 1 Swamp Workflow Management 2019-06-21 13:19:58 UTC

SUSE-SU-2019:1605-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1124825,1134135
CVE References: CVE-2019-7637
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    SDL2-2.0.8-3.12.5
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    SDL2-2.0.8-3.12.5
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    SDL2-2.0.8-3.12.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 2 Wolfgang Bauer 2019-06-27 09:16:17 UTC

*** Bug 1137386 has been marked as a duplicate of this bug. ***

Comment 3 Marcus Meissner 2019-06-27 09:59:57 UTC

released

Comment 4 Swamp Workflow Management 2019-06-27 10:14:29 UTC

openSUSE-SU-2019:1633-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1124825,1134135
CVE References: CVE-2019-7637
Sources used:
openSUSE Leap 15.1 (src):    SDL2-2.0.8-lp151.4.3.1

Comment 5 Swamp Workflow Management 2019-06-27 10:31:09 UTC

openSUSE-SU-2019:1632-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1124825,1134135
CVE References: CVE-2019-7637
Sources used:
openSUSE Leap 15.0 (src):    SDL2-2.0.8-lp150.2.6.1