Commit 60332f38 authored by Gustavo Zacarias's avatar Gustavo Zacarias Committed by Thomas Petazzoni
Browse files

gd: add patch for CVE-2014-2497 

Fixes CVE-2014-2497 - NULL pointer dereference
Patch from upstream:
https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704



Signed-off-by: default avatarGustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: default avatarThomas Petazzoni <thomas.petazzoni@free-electrons.com>
parent 85448feb

package/gd/gd-04-CVE-2014-2497.patch

0 → 100644
+33 −0
Original line number Diff line number Diff line 
From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001

From: Remi Collet <fedora@famillecollet.com>

Date: Mon, 4 Aug 2014 10:31:25 +0200

Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126



---

 src/gdxpm.c | 10 ++++++++++

 1 file changed, 10 insertions(+)



diff --git a/src/gdxpm.c b/src/gdxpm.c

index ae6e336..15603a6 100644

--- a/src/gdxpm.c

+++ b/src/gdxpm.c

@@ -83,6 +83,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXpm(char *filename)

 	if(overflow2(sizeof(int), number)) {

 		goto done;

 	}

+	for(i = 0; i < number; i++) {

+		/*

+		   avoid NULL pointer dereference

+		   TODO better fix need to manage monochrome/monovisual

+		   see m_color or g4_color or g_color

+		*/

+		if (!image.colorTable[i].c_color) {

+			goto done;

+		}

+	}

 

 	colors = (int *)gdMalloc(sizeof(int) * number);

 	if(colors == NULL) {

-- 

1.8.5.2