summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2014-08-29 16:52:48 +0200
committerRemi Collet <fedora@famillecollet.com>2014-08-29 16:52:48 +0200
commitd609954ccc5727a53cf3dbc68abb599e072af776 (patch)
treeb9e083cd2728ed61fb1d68ba59a613c221a83045
parent509093c9983c5ed446119ea41905c169437cd29a (diff)
gd: add gd-CVE-2014-2497.patch
-rw-r--r--gd-CVE-2014-2497.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/gd-CVE-2014-2497.patch b/gd-CVE-2014-2497.patch
new file mode 100644
index 0000000..6a94c48
--- /dev/null
+++ b/gd-CVE-2014-2497.patch
@@ -0,0 +1,33 @@
+From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001
+From: Remi Collet <fedora@famillecollet.com>
+Date: Mon, 4 Aug 2014 10:31:25 +0200
+Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126
+
+---
+ src/gdxpm.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/gdxpm.c b/src/gdxpm.c
+index ae6e336..15603a6 100644
+--- a/src/gdxpm.c
++++ b/src/gdxpm.c
+@@ -49,6 +49,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXpm(char *filename)
+ if(overflow2(sizeof(int), number)) {
+ goto done;
+ }
++ for(i = 0; i < number; i++) {
++ /*
++ avoid NULL pointer dereference
++ TODO better fix need to manage monochrome/monovisual
++ see m_color or g4_color or g_color
++ */
++ if (!image.colorTable[i].c_color) {
++ goto done;
++ }
++ }
+
+ colors = (int *)gdMalloc(sizeof(int) * number);
+ if(colors == NULL) {
+--
+1.8.5.2
+