Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
php7
php-CVE-2019-6978.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2019-6978.patch of Package php7
Index: php-7.0.7/ext/gd/libgd/gd_gif_out.c =================================================================== --- php-7.0.7.orig/ext/gd/libgd/gd_gif_out.c 2019-01-31 11:43:29.055182701 +0100 +++ php-7.0.7/ext/gd/libgd/gd_gif_out.c 2019-01-31 11:47:50.032643403 +0100 @@ -97,12 +97,18 @@ static void cl_hash (register count_int static void char_init (GifCtx *ctx); static void char_out (int c, GifCtx *ctx); static void flush_char (GifCtx *ctx); + +static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out); + void * gdImageGifPtr (gdImagePtr im, int *size) { void *rv; gdIOCtx *out = gdNewDynamicCtx (2048, NULL); - gdImageGifCtx (im, out); - rv = gdDPExtractData (out, size); + if (!_gdImageGifCtx(im, out)) { + rv = gdDPExtractData(out, size); + } else { + rv = NULL; + } out->gd_free (out); return rv; } @@ -116,6 +122,12 @@ void gdImageGif (gdImagePtr im, FILE * o void gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) { + _gdImageGifCtx(im, out); +} + +/* returns 0 on success, 1 on failure */ +static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) +{ gdImagePtr pim = 0, tim = im; int interlace, BitsPerPixel; interlace = im->interlace; @@ -125,7 +137,7 @@ void gdImageGifCtx(gdImagePtr im, gdIOCt based temporary image. */ pim = gdImageCreatePaletteFromTrueColor(im, 1, 256); if (!pim) { - return; + return 1; } tim = pim; } @@ -138,6 +150,7 @@ void gdImageGifCtx(gdImagePtr im, gdIOCt /* Destroy palette based temporary image. */ gdImageDestroy( pim); } + return 0; } static int Index: php-7.0.7/ext/gd/libgd/gd_jpeg.c =================================================================== --- php-7.0.7.orig/ext/gd/libgd/gd_jpeg.c 2016-05-25 15:13:44.000000000 +0200 +++ php-7.0.7/ext/gd/libgd/gd_jpeg.c 2019-01-31 11:50:14.253452069 +0100 @@ -132,6 +132,8 @@ const char * gdJpegGetVersionString() } +static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality); + /* * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality * QUALITY. If QUALITY is in the range 0-100, increasing values @@ -152,8 +154,11 @@ void *gdImageJpegPtr (gdImagePtr im, int { void *rv; gdIOCtx *out = gdNewDynamicCtx (2048, NULL); - gdImageJpegCtx (im, out, quality); - rv = gdDPExtractData (out, size); + if (!_gdImageJpegCtx(im, out, quality)) { + rv = gdDPExtractData(out, size); + } else { + rv = NULL; + } out->gd_free (out); return rv; @@ -163,6 +168,12 @@ void jpeg_gdIOCtx_dest (j_compress_ptr c void gdImageJpegCtx (gdImagePtr im, gdIOCtx * outfile, int quality) { + _gdImageJpegCtx(im, outfile, quality); +} + +/* returns 0 on success, 1 on failure */ +static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) +{ struct jpeg_compress_struct cinfo; struct jpeg_error_mgr jerr; int i, j, jidx; @@ -183,7 +194,7 @@ void gdImageJpegCtx (gdImagePtr im, gdIO if (row) { gdFree (row); } - return; + return 1; } cinfo.err->error_exit = fatal_jpeg_error; @@ -271,6 +282,7 @@ void gdImageJpegCtx (gdImagePtr im, gdIO jpeg_finish_compress (&cinfo); jpeg_destroy_compress (&cinfo); gdFree (row); + return 0; } gdImagePtr gdImageCreateFromJpeg (FILE * inFile) Index: php-7.0.7/ext/gd/libgd/gd_wbmp.c =================================================================== --- php-7.0.7.orig/ext/gd/libgd/gd_wbmp.c 2016-05-25 15:13:44.000000000 +0200 +++ php-7.0.7/ext/gd/libgd/gd_wbmp.c 2019-01-31 11:56:11.939457702 +0100 @@ -81,6 +81,7 @@ int gd_getin (void *in) return (gdGetC((gdIOCtx *) in)); } +static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out); /* gdImageWBMPCtx ** -------------- @@ -93,6 +94,12 @@ int gd_getin (void *in) */ void gdImageWBMPCtx (gdImagePtr image, int fg, gdIOCtx * out) { + _gdImageWBMPCtx(image, fg, out); +} + +/* returns 0 on success, 1 on failure */ +static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) +{ int x, y, pos; Wbmp *wbmp; @@ -114,10 +121,13 @@ void gdImageWBMPCtx (gdImagePtr image, i /* write the WBMP to a gd file descriptor */ if (writewbmp (wbmp, &gd_putout, out)) { + freewbmp(wbmp); php_gd_error("Could not save WBMP"); + return 1; } /* des submitted this bugfix: gdFree the memory. */ freewbmp(wbmp); + return 0; } /* gdImageCreateFromWBMPCtx @@ -202,8 +212,11 @@ void * gdImageWBMPPtr (gdImagePtr im, in { void *rv; gdIOCtx *out = gdNewDynamicCtx(2048, NULL); - gdImageWBMPCtx(im, fg, out); - rv = gdDPExtractData(out, size); + if (!_gdImageWBMPCtx(im, fg, out)) { + rv = gdDPExtractData(out, size); + } else { + rv = NULL; + } out->gd_free(out); return rv;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor