34 lines
863 B
Diff
34 lines
863 B
Diff
|
From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001
|
||
|
From: Remi Collet <fedora@famillecollet.com>
|
||
|
Date: Mon, 4 Aug 2014 10:31:25 +0200
|
||
|
Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126
|
||
|
|
||
|
---
|
||
|
src/gdxpm.c | 10 ++++++++++
|
||
|
1 file changed, 10 insertions(+)
|
||
|
|
||
|
diff --git a/src/gdxpm.c b/src/gdxpm.c
|
||
|
index ae6e336..15603a6 100644
|
||
|
--- a/src/gdxpm.c
|
||
|
+++ b/src/gdxpm.c
|
||
|
@@ -83,6 +83,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXpm(char *filename)
|
||
|
if(overflow2(sizeof(int), number)) {
|
||
|
goto done;
|
||
|
}
|
||
|
+ for(i = 0; i < number; i++) {
|
||
|
+ /*
|
||
|
+ avoid NULL pointer dereference
|
||
|
+ TODO better fix need to manage monochrome/monovisual
|
||
|
+ see m_color or g4_color or g_color
|
||
|
+ */
|
||
|
+ if (!image.colorTable[i].c_color) {
|
||
|
+ goto done;
|
||
|
+ }
|
||
|
+ }
|
||
|
|
||
|
colors = (int *)gdMalloc(sizeof(int) * number);
|
||
|
if(colors == NULL) {
|
||
|
--
|
||
|
1.8.5.2
|
||
|
|