From b5b7b21e1511b70f07ac93b6f87d2a835e99164d Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Sun, 21 Apr 2013 10:14:58 +0200
Subject: gd: import from rawhide

---
 gd-sa4.patch | 148 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 148 insertions(+)
 create mode 100644 gd-sa4.patch

(limited to 'gd-sa4.patch')

diff --git a/gd-sa4.patch b/gd-sa4.patch
new file mode 100644
index 0000000..50d33d0
--- /dev/null
+++ b/gd-sa4.patch
@@ -0,0 +1,148 @@
+The following issue has been found by Coverity static analysis tool.
+
+Error: FORWARD_NULL (CWE-476): [#def5]
+gd-2.0.35/gd_topal.c:1790: assign_zero: Assigning: "cquantize" = "NULL".
+gd-2.0.35/gd_topal.c:1798: cond_false: Condition "cimP", taking false branch
+gd-2.0.35/gd_topal.c:1804: else_branch: Reached else branch
+gd-2.0.35/gd_topal.c:1807: cond_false: Condition "!oim->trueColor", taking false branch
+gd-2.0.35/gd_topal.c:1815: if_end: End of if statement
+gd-2.0.35/gd_topal.c:1819: cond_true: Condition "oim->transparent >= 0", taking true branch
+gd-2.0.35/gd_topal.c:1823: cond_true: Condition "colorsWanted > maxColors", taking true branch
+gd-2.0.35/gd_topal.c:1827: cond_true: Condition "!cimP", taking true branch
+gd-2.0.35/gd_topal.c:1829: cond_false: Condition "!nim->pixels", taking false branch
+gd-2.0.35/gd_topal.c:1833: if_end: End of if statement
+gd-2.0.35/gd_topal.c:1834: cond_true: Condition "i < nim->sy", taking true branch
+gd-2.0.35/gd_topal.c:1837: cond_true: Condition "!nim->pixels[i]", taking true branch
+gd-2.0.35/gd_topal.c:1839: goto: Jumping to label "outOfMemory"
+gd-2.0.35/gd_topal.c:2027: label: Reached label "outOfMemory"
+gd-2.0.35/gd_topal.c:2028: cond_true: Condition "oim->trueColor", taking true branch
+gd-2.0.35/gd_topal.c:2030: cond_true: Condition "!cimP", taking true branch
+gd-2.0.35/gd_topal.c:2032: cond_true: Condition "i < nim->sy", taking true branch
+gd-2.0.35/gd_topal.c:2034: cond_true: Condition "nim->pixels[i]", taking true branch
+gd-2.0.35/gd_topal.c:2038: loop: Jumping back to the beginning of the loop
+gd-2.0.35/gd_topal.c:2032: loop_begin: Jumped back to beginning of loop
+gd-2.0.35/gd_topal.c:2032: cond_true: Condition "i < nim->sy", taking true branch
+gd-2.0.35/gd_topal.c:2034: cond_true: Condition "nim->pixels[i]", taking true branch
+gd-2.0.35/gd_topal.c:2038: loop: Jumping back to the beginning of the loop
+gd-2.0.35/gd_topal.c:2032: loop_begin: Jumped back to beginning of loop
+gd-2.0.35/gd_topal.c:2032: cond_false: Condition "i < nim->sy", taking false branch
+gd-2.0.35/gd_topal.c:2038: loop_end: Reached end of loop
+gd-2.0.35/gd_topal.c:2039: cond_true: Condition "nim->pixels", taking true branch
+gd-2.0.35/gd_topal.c:2044: if_fallthrough: Falling through to end of if statement
+gd-2.0.35/gd_topal.c:2047: if_end: End of if statement
+gd-2.0.35/gd_topal.c:2050: cond_true: Condition "i < (32 /* 1 << 5 */)", taking true branch
+gd-2.0.35/gd_topal.c:2052: var_deref_op: Dereferencing null pointer "cquantize".
+
+Error: FORWARD_NULL (CWE-476): [#def6]
+gd-2.0.35/gd_topal.c:1798: cond_true: Condition "cimP", taking true branch
+gd-2.0.35/gd_topal.c:1801: cond_false: Condition "!nim", taking false branch
+gd-2.0.35/gd_topal.c:1803: if_end: End of if statement
+gd-2.0.35/gd_topal.c:1804: if_fallthrough: Falling through to end of if statement
+gd-2.0.35/gd_topal.c:1806: if_end: End of if statement
+gd-2.0.35/gd_topal.c:1807: cond_false: Condition "!oim->trueColor", taking false branch
+gd-2.0.35/gd_topal.c:1815: if_end: End of if statement
+gd-2.0.35/gd_topal.c:1819: cond_true: Condition "oim->transparent >= 0", taking true branch
+gd-2.0.35/gd_topal.c:1823: cond_true: Condition "colorsWanted > maxColors", taking true branch
+gd-2.0.35/gd_topal.c:1827: cond_false: Condition "!cimP", taking false branch
+gd-2.0.35/gd_topal.c:1842: if_end: End of if statement
+gd-2.0.35/gd_topal.c:1857: cond_true: Condition "!cquantize", taking true branch
+gd-2.0.35/gd_topal.c:1857: var_compare_op: Comparing "cquantize" to null implies that "cquantize" might be null.
+gd-2.0.35/gd_topal.c:1860: goto: Jumping to label "outOfMemory"
+gd-2.0.35/gd_topal.c:2027: label: Reached label "outOfMemory"
+gd-2.0.35/gd_topal.c:2028: cond_true: Condition "oim->trueColor", taking true branch
+gd-2.0.35/gd_topal.c:2030: cond_false: Condition "!cimP", taking false branch
+gd-2.0.35/gd_topal.c:2044: else_branch: Reached else branch
+gd-2.0.35/gd_topal.c:2050: cond_true: Condition "i < (32 /* 1 << 5 */)", taking true branch
+gd-2.0.35/gd_topal.c:2052: var_deref_op: Dereferencing null pointer "cquantize".
+
+Error: FORWARD_NULL (CWE-476): [#def7]
+gd-2.0.35/gd_topal.c:1798: cond_false: Condition "cimP", taking false branch
+gd-2.0.35/gd_topal.c:1804: else_branch: Reached else branch
+gd-2.0.35/gd_topal.c:1807: cond_false: Condition "!oim->trueColor", taking false branch
+gd-2.0.35/gd_topal.c:1815: if_end: End of if statement
+gd-2.0.35/gd_topal.c:1819: cond_true: Condition "oim->transparent >= 0", taking true branch
+gd-2.0.35/gd_topal.c:1823: cond_true: Condition "colorsWanted > maxColors", taking true branch
+gd-2.0.35/gd_topal.c:1827: cond_true: Condition "!cimP", taking true branch
+gd-2.0.35/gd_topal.c:1829: cond_true: Condition "!nim->pixels", taking true branch
+gd-2.0.35/gd_topal.c:1829: var_compare_op: Comparing "nim->pixels" to null implies that "nim->pixels" might be null.
+gd-2.0.35/gd_topal.c:1832: goto: Jumping to label "outOfMemory"
+gd-2.0.35/gd_topal.c:2027: label: Reached label "outOfMemory"
+gd-2.0.35/gd_topal.c:2028: cond_true: Condition "oim->trueColor", taking true branch
+gd-2.0.35/gd_topal.c:2030: cond_true: Condition "!cimP", taking true branch
+gd-2.0.35/gd_topal.c:2032: cond_true: Condition "i < nim->sy", taking true branch
+gd-2.0.35/gd_topal.c:2034: var_deref_op: Dereferencing null pointer "nim->pixels".
+
+
+diff -up gd-2.0.35/gd_topal.c.sa4 gd-2.0.35/gd_topal.c
+--- gd-2.0.35/gd_topal.c.sa4	2012-12-10 13:30:19.666363149 +0100
++++ gd-2.0.35/gd_topal.c	2012-12-10 13:37:50.550729535 +0100
+@@ -2029,15 +2029,15 @@ outOfMemory:
+     {
+       if (!cimP) {
+         /* On failure only */
+-        for (i = 0; i < nim->sy; i++)
+-  	{
+-  	  if (nim->pixels[i])
+-  	    {
+-  	      gdFree (nim->pixels[i]);
+-  	    }
+-  	}
+         if (nim->pixels)
+   	{
++          for (i = 0; i < nim->sy; i++)
++  	  {
++  	    if (nim->pixels[i])
++  	      {
++  	        gdFree (nim->pixels[i]);
++  	      }
++  	  }
+   	  gdFree (nim->pixels);
+   	}
+         nim->pixels = 0;
+@@ -2047,27 +2047,27 @@ outOfMemory:
+       }
+     }
+ success:
+-  for (i = 0; i < HIST_C0_ELEMS; i++)
+-    {
+-      if (cquantize->histogram[i])
+-	{
+-	  gdFree (cquantize->histogram[i]);
+-	}
+-    }
+-  if (cquantize->histogram)
+-    {
+-      gdFree (cquantize->histogram);
+-    }
+-  if (cquantize->fserrors)
+-    {
+-      gdFree (cquantize->fserrors);
+-    }
+-  if (cquantize->error_limiter_storage)
+-    {
+-      gdFree (cquantize->error_limiter_storage);
+-    }
+   if (cquantize)
+     {
++      for (i = 0; i < HIST_C0_ELEMS; i++)
++        {
++          if (cquantize->histogram[i])
++	    {
++	      gdFree (cquantize->histogram[i]);
++	    }
++        }
++      if (cquantize->histogram)
++        {
++          gdFree (cquantize->histogram);
++        }
++      if (cquantize->fserrors)
++        {
++          gdFree (cquantize->fserrors);
++        }
++      if (cquantize->error_limiter_storage)
++        {
++          gdFree (cquantize->error_limiter_storage);
++        }
+       gdFree (cquantize);
+     }
+ 
-- 
cgit