Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
gd.3820
gd-CVE-2016-6911.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gd-CVE-2016-6911.patch of Package gd.3820
Index: libgd-2.1.0/src/gd_io_dp.c =================================================================== --- libgd-2.1.0.orig/src/gd_io_dp.c 2016-10-20 11:27:09.030571666 +0200 +++ libgd-2.1.0/src/gd_io_dp.c 2016-10-20 11:27:09.038571786 +0200 @@ -262,21 +262,25 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, dctx = (dpIOCtxPtr) ctx; dp = dctx->dp; + if (dp->pos < 0 || dp->pos >= dp->realSize) { + return 0; + } + remain = dp->logicalSize - dp->pos; if(remain >= len) { rlen = len; } else { if(remain <= 0) { - /* 2.0.34: EOF is incorrect. We use 0 for - * errors and EOF, just like fileGetbuf, - * which is a simple fread() wrapper. - * TBB. Original bug report: Daniel Cowgill. */ - return 0; /* NOT EOF */ + return 0; } rlen = remain; } + if (dp->pos + rlen > dp->realSize) { + rlen = dp->realSize - dp->pos; + } + memcpy(buf, (void *) ((char *)dp->data + dp->pos), rlen); dp->pos += rlen; Index: libgd-2.1.0/src/gd_tiff.c =================================================================== --- libgd-2.1.0.orig/src/gd_tiff.c 2013-06-25 11:58:23.000000000 +0200 +++ libgd-2.1.0/src/gd_tiff.c 2016-10-20 11:27:09.038571786 +0200 @@ -727,6 +727,7 @@ static int createFromTiffRgba(TIFF * tif int height = im->sy; uint32 *buffer; uint32 rgba; + int success; /* switch off colour merging on target gd image just while we write out * content - we want to preserve the alpha data until the user chooses @@ -739,18 +740,20 @@ static int createFromTiffRgba(TIFF * tif return GD_FAILURE; } - TIFFReadRGBAImage(tif, width, height, buffer, 0); + success = TIFFReadRGBAImage(tif, width, height, buffer, 1); - for(y = 0; y < height; y++) { - for(x = 0; x < width; x++) { - /* if it doesn't already exist, allocate a new colour, - * else use existing one */ - rgba = buffer[(y * width + x)]; - a = (0xff - TIFFGetA(rgba)) / 2; - color = gdTrueColorAlpha(TIFFGetR(rgba), TIFFGetG(rgba), TIFFGetB(rgba), a); - - /* set pixel colour to this colour */ - gdImageSetPixel(im, x, height - y - 1, color); + if (success) { + for(y = 0; y < height; y++) { + for(x = 0; x < width; x++) { + /* if it doesn't already exist, allocate a new colour, + * else use existing one */ + rgba = buffer[(y * width + x)]; + a = (0xff - TIFFGetA(rgba)) / 2; + color = gdTrueColorAlpha(TIFFGetR(rgba), TIFFGetG(rgba), TIFFGetB(rgba), a); + + /* set pixel colour to this colour */ + gdImageSetPixel(im, x, height - y - 1, color); + } } } @@ -758,7 +761,7 @@ static int createFromTiffRgba(TIFF * tif /* now reset colour merge for alpha blending routines */ gdImageAlphaBlending(im, alphaBlendingFlag); - return GD_SUCCESS; + return success; } /* gdImageCreateFromTiffCtx
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor