Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
php5
:
EL6
>
gd
> gd-CVE-2014-2497.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File gd-CVE-2014-2497.patch of Package gd
From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001 From: Remi Collet <fedora@famillecollet.com> Date: Mon, 4 Aug 2014 10:31:25 +0200 Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126 --- src/gdxpm.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/gdxpm.c b/src/gdxpm.c index ae6e336..15603a6 100644 --- a/src/gdxpm.c +++ b/src/gdxpm.c @@ -49,6 +49,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXpm(char *filename) if(overflow2(sizeof(int), number)) { goto done; } + for(i = 0; i < number; i++) { + /* + avoid NULL pointer dereference + TODO better fix need to manage monochrome/monovisual + see m_color or g4_color or g_color + */ + if (!image.colorTable[i].c_color) { + goto done; + } + } colors = (int *)gdMalloc(sizeof(int) * number); if(colors == NULL) { -- 1.8.5.2
