gd: add patch for CVE-2014-2497

Fixes CVE-2014-2497 - NULL pointer dereference Patch from upstream: 463c3bd09b Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-08-15 15:02:52 -03:00 · 2014-08-15 15:02:52 -03:00 · 60332f38f5
commit 60332f38f5
parent 85448febb3
1 changed files with 33 additions and 0 deletions
--- a/package/gd/gd-04-CVE-2014-2497.patch
+++ b/package/gd/gd-04-CVE-2014-2497.patch
@ -0,0 +1,33 @@
+From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001
+From: Remi Collet <fedora@famillecollet.com>
+Date: Mon, 4 Aug 2014 10:31:25 +0200
+Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126
+
+---
+ src/gdxpm.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/gdxpm.c b/src/gdxpm.c
+index ae6e336..15603a6 100644
+--- a/src/gdxpm.c
+++ b/src/gdxpm.c
+@@ -83,6 +83,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXpm(char *filename)
+ 	if(overflow2(sizeof(int), number)) {
+ 		goto done;
+ 	}
+	for(i = 0; i < number; i++) {
+		/*
+		   avoid NULL pointer dereference
+		   TODO better fix need to manage monochrome/monovisual
+		   see m_color or g4_color or g_color
+		*/
+		if (!image.colorTable[i].c_color) {
+			goto done;
+		}
+	}
+ 
+ 	colors = (int *)gdMalloc(sizeof(int) * number);
+ 	if(colors == NULL) {
+-- 
+1.8.5.2
+