From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Mon, 4 Aug 2014 10:31:25 +0200
Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126
---
 src/gdxpm.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff -up ./src/gdxpm.c.1076676 ./src/gdxpm.c
--- ./src/gdxpm.c.1076676 2013-06-25 11:58:23.000000000 +0200
+++ ./src/gdxpm.c 2015-01-08 13:39:36.600424371 +0100
@@ -49,6 +49,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFro
 if(overflow2(sizeof(int), number)) {
 goto done;
 }
+ for(i = 0; i < number; i++) {
+ /*
+ avoid NULL pointer dereference
+ TODO better fix need to manage monochrome/monovisual
+ see m_color or g4_color or g_color
+ */
+ if (!image.colorTable[i].c_color) {
+ goto done;
+ }
+ }
 colors = (int *)gdMalloc(sizeof(int) * number);
 if(colors == NULL) {