From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Mon, 4 Aug 2014 10:31:25 +0200
Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126

---
 src/gdxpm.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/gdxpm.c b/src/gdxpm.c
index ae6e336..15603a6 100644
--- a/src/gdxpm.c
+++ b/src/gdxpm.c
@@ -49,6 +49,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXpm(char *filename)
 	if(overflow2(sizeof(int), number)) {
 		goto done;
 	}
+	for(i = 0; i < number; i++) {
+		/*
+		   avoid NULL pointer dereference
+		   TODO better fix need to manage monochrome/monovisual
+		   see m_color or g4_color or g_color
+		*/
+		if (!image.colorTable[i].c_color) {
+			goto done;
+		}
+	}
 
 	colors = (int *)gdMalloc(sizeof(int) * number);
 	if(colors == NULL) {
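Review bot: The added `if (!image.colorTable[i].c_color) goto done;` rejects the whole image silently, so a caller cannot tell a malformed file from a valid XPM whose colour table only carries the mono/grey keys that the TODO names. The comment should say which later use the guard protects and what the behavioural cost is, for example `/* c_color is NULL when an entry defines only m/g4/g keys; the colour parsing below reads c_color unconditionally, so such images are rejected until those visuals are handled */`. The body of gdImageCreateFromXpm continues outside this hunk, so it is worth confirming that the `done` path reached from here releases the parsed XPM data and returns NULL rather than a partially initialised image. If this file has access to the library's error reporting, a diagnostic on this branch would make the rejection visible to applications that process untrusted images.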
-- 
1.8.5.2