b076ebc318
Previous patch introduced a memory leak. Using upstream version.
463c3bd09b
From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Mon, 4 Aug 2014 10:31:25 +0200
Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126
---
src/gdxpm.c | 10 ++++++++++
1 file changed, 10 insertions(+)
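--- a/src/gdxpm.c
+++ b/src/gdxpm.c
@@ -49,6 +49,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFro
 if(overflow2(sizeof(int), number)) {
 goto done;
 }
+ for(i = 0; i < number; i++) {
+ /*
+ avoid NULL pointer dereference
+ TODO better fix need to manage monochrome/monovisual
+ see m_color or g4_color or g_color
+ */
+ if (!image.colorTable[i].c_color) {
+ goto done;
+ }
+ }
 
 colors = (int *)gdMalloc(sizeof(int) * number);
 if(colors == NULL) {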
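Review bot: The comment inside the added loop names what is avoided but not what the check does to the caller: any color entry without `c_color` sends the function to `done`, so an XPM that defines only mono or grey keys is rejected as a whole, presumably with a NULL return. I would spell that out, for example `/* reject the image if any color entry has no c_color, which is dereferenced further down; TODO: fall back to m_color/g4_color/g_color */`. The `done` label and the later use of `c_color` are outside the hunk. Since the description says the previous version of this patch leaked, it is worth confirming that `done` releases `image` and `info` on this early exit.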