new file mode 100644
@@ -0,0 +1,39 @@
+From e39a9a81ab7bbccef1de40d1bc5041c73299c9ce Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 13 Apr 2022 08:53:34 +0800
+Subject: [PATCH] Always create a full 256-entry map in case color values are
+ out of range Fixes #5042
+
+Upstream-Status: Backport [https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9]
+CVE: CVE-2021-33657
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/video/SDL_pixels.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/video/SDL_pixels.c b/src/video/SDL_pixels.c
+index 84b6932..c27dc6f 100644
+--- a/src/video/SDL_pixels.c
++++ b/src/video/SDL_pixels.c
+@@ -947,7 +947,7 @@ Map1to1(SDL_Palette * src, SDL_Palette * dst, int *identical)
+ }
+ *identical = 0;
+ }
+- map = (Uint8 *) SDL_malloc(src->ncolors);
++ map = (Uint8 *) SDL_calloc(256, sizeof(Uint8));
+ if (map == NULL) {
+ SDL_OutOfMemory();
+ return (NULL);
+@@ -971,7 +971,7 @@ Map1toN(SDL_PixelFormat * src, Uint8 Rmod, Uint8 Gmod, Uint8 Bmod, Uint8 Amod,
+ SDL_Palette *pal = src->palette;
+
+ bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel);
+- map = (Uint8 *) SDL_malloc(pal->ncolors * bpp);
++ map = (Uint8 *) SDL_calloc(256, bpp);
+ if (map == NULL) {
+ SDL_OutOfMemory();
+ return (NULL);
+--
+2.25.1
+
@@ -18,6 +18,7 @@ PROVIDES = "virtual/libsdl2"
SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
file://more-gen-depends.patch \
+ file://CVE-2021-33657.patch \
"
S = "${WORKDIR}/SDL2-${PV}"