From d7d041cd25a7869e3a6b41a2711b83de806523eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Janu=C5=A1?=
Date: Fri, 31 Jan 2020 09:31:42 +0100
Subject: [PATCH] Add patch(gd-2.2.5-null-pointer.patch) - fix Null pointer reference in gdImageClone (gdImagePtr src)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1599032
---
 gd-2.2.5-null-pointer.patch | 74 +++++++++++++++++++++++++++++++++++++
 gd.spec | 9 ++++-
 2 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 gd-2.2.5-null-pointer.patch
diff --git a/gd-2.2.5-null-pointer.patch b/gd-2.2.5-null-pointer.patch
new file mode 100644
index 0000000..afa18d9
--- /dev/null
+++ b/gd-2.2.5-null-pointer.patch
@@ -0,0 +1,74 @@
+From a93eac0e843148dc2d631c3ba80af17e9c8c860f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?F=C3=A1bio=20Cabral=20Pacheco?=
+Date: Fri, 20 Dec 2019 12:03:33 -0300
+Subject: [PATCH] Fix potential NULL pointer dereference in gdImageClone()
+
+---
+ src/gd.c | 9 +--------
+ tests/gdimageclone/style.c | 30 ++++++++++++++++++++++++++++++
+ 5 files changed, 35 insertions(+), 9 deletions(-)
+ create mode 100644 tests/gdimageclone/style.c
+
+diff --git a/src/gd.c b/src/gd.c
+index 592a0286..d564d1f9 100644
+--- a/src/gd.c
++++ b/src/gd.c
+@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
+ }
+ }
+
+- if (src->styleLength > 0) {
+- dst->styleLength = src->styleLength;
+- dst->stylePos = src->stylePos;
+- for (i = 0; i < src->styleLength; i++) {
+- dst->style[i] = src->style[i];
+- }
+- }
+-
+ dst->interlace = src->interlace;
+
+ dst->alphaBlendingFlag = src->alphaBlendingFlag;
+@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
+
+ if (src->style) {
+ gdImageSetStyle(dst, src->style, src->styleLength);
++ dst->stylePos = src->stylePos;
+ }
+
+ for (i = 0; i < gdMaxColors; i++) {
+diff --git a/tests/gdimageclone/style.c b/tests/gdimageclone/style.c
+new file mode 100644
+index 00000000..c2b246ed
+--- /dev/null
++++ b/tests/gdimageclone/style.c
+@@ -0,0 +1,30 @@
++/**
++ * Cloning an image should exactly reproduce all style related data
++ */
++
++
++#include
++#include "gd.h"
++#include "gdtest.h"
++
++
++int main()
++{
++ gdImagePtr im, clone;
++ int style[] = {0, 0, 0};
++
++ im = gdImageCreate(8, 8);
++ gdImageSetStyle(im, style, sizeof(style)/sizeof(style[0]));
++
++ clone = gdImageClone(im);
++ gdTestAssert(clone != NULL);
++
++ gdTestAssert(clone->styleLength == im->styleLength);
++ gdTestAssert(clone->stylePos == im->stylePos);
++ gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)/sizeof(style[0])));
++
++ gdImageDestroy(clone);
++ gdImageDestroy(im);
++
++ return gdNumFailures();
++}
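Review bot: The last assertion in the embedded `tests/gdimageclone/style.c` passes `sizeof(style)/sizeof(style[0])` — the element count, 3 — as the byte length of `memcmp`, so only the first three bytes of the `int` array are compared; it should read `gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)));`. With `style` all zeros and no check that `clone->style` is non-NULL, the test also cannot tell a correct copy from a zero-filled or absent one, and `memcmp` on a NULL `clone->style` would be undefined behaviour rather than a reported failure. Using `int style[] = {1, 2, 3};` and adding `gdTestAssert(clone->style != NULL);` before the comparison would actually exercise the path that the removed loop in `gdImageClone` used to write through before `gdImageSetStyle` had allocated `dst->style`. Separately, the inner diffstat says `5 files changed` while only `src/gd.c` and `style.c` are present; the dropped files are presumably the build registration for the new test directory, so `style.c` is likely never compiled in this package build — confirm that, or trim the stat and the test together so the backport describes what it contains.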
diff --git a/gd.spec b/gd.spec
index 1160299..2db9311 100644
--- a/gd.spec
+++ b/gd.spec
@@ -9,7 +9,7 @@
 Summary: A graphics library for quick creation of PNG or JPEG images
 Name: gd
 Version: 2.2.5
-Release: 11%{?prever}%{?short}%{?dist}
+Release: 12%{?prever}%{?short}%{?dist}
 License: MIT
 URL: http://libgd.github.io/
 %if 0%{?commit:1}
@@ -29,6 +29,8 @@ Patch3: gd-2.2.5-gdImageBmpPtr-double-free.patch
 Patch4: gd-2.2.5-heap-based-buffer-overflow.patch
 # CVE-2019-6978
 Patch5: gd-2.2.5-potential-double-free.patch
+# NULL POINTER REFERENCE - https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f
+Patch6: gd-2.2.5-null-pointer.patch
 BuildRequires: freetype-devel
 BuildRequires: fontconfig-devel
@@ -96,6 +98,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
 %patch3 -p1 -b .gdImageBmpPtr-free
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 : $(perl config/getver.pl)
@@ -167,6 +170,10 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
 %changelog
+* Fri Jan 31 2020 Filip Januš - 2.2.5-12
+- Add patch(gd-2.2.5-null-pointer.patch) - fix Null pointer reference in gdImageClone (gdImagePtr src)
+- Resolves: #1599032
 * Tue Jan 28 2020 Fedora Release Engineering - 2.2.5-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild