Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
gd
gd-CVE-2016-6207.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gd-CVE-2016-6207.patch of Package gd
Index: libgd-2.1.0/src/gd.c =================================================================== --- libgd-2.1.0.orig/src/gd.c 2013-06-25 11:58:23.000000000 +0200 +++ libgd-2.1.0/src/gd.c 2016-08-08 15:04:29.487691217 +0200 @@ -207,7 +207,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateTru return 0; } - if (overflow2(sizeof(int), sx)) { + if (overflow2(sizeof(int *), sx)) { return NULL; } Index: libgd-2.1.0/src/gd_interpolation.c =================================================================== --- libgd-2.1.0.orig/src/gd_interpolation.c 2013-06-25 11:58:23.000000000 +0200 +++ libgd-2.1.0/src/gd_interpolation.c 2016-08-08 15:05:50.725062244 +0200 @@ -901,6 +901,7 @@ static inline LineContribType * _gdContr { unsigned int u = 0; LineContribType *res; + int overflow_error = 0; res = (LineContribType *) gdMalloc(sizeof(LineContribType)); if (!res) { @@ -908,10 +909,31 @@ static inline LineContribType * _gdContr } res->WindowSize = windows_size; res->LineLength = line_length; + if (overflow2(line_length, sizeof(ContributionType))) { + gdFree(res); + return NULL; + } res->ContribRow = (ContributionType *) gdMalloc(line_length * sizeof(ContributionType)); - + if (res->ContribRow == NULL) { + gdFree(res); + return NULL; + } for (u = 0 ; u < line_length ; u++) { - res->ContribRow[u].Weights = (double *) gdMalloc(windows_size * sizeof(double)); + if (overflow2(windows_size, sizeof(double))) { + overflow_error = 1; + } else { + res->ContribRow[u].Weights = (double *) gdMalloc(windows_size * sizeof(double)); + } + if (overflow_error == 1 || res->ContribRow[u].Weights == NULL) { + unsigned int i; + u--; + for (i=0;i<=u;i++) { + gdFree(res->ContribRow[i].Weights); + } + gdFree(res->ContribRow); + gdFree(res); + return NULL; + } } return res; } @@ -944,7 +966,9 @@ static inline LineContribType *_gdContri windows_size = 2 * (int)ceil(width_d) + 1; res = _gdContributionsAlloc(line_size, windows_size); - + if (res == NULL) { + return NULL; + } for (u = 0; u < line_size; u++) { const double dCenter = (double)u / scale_d; /* get the significant edge points affecting the pixel */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor