Blame SOURCES/gd-CVE-2016-5766.patch

created according to:   https://github.com/libgd/libgd/commit/aba3db8
                        https://github.com/libgd/libgd/commit/a6a0e7feabb2a9738086a5dc96348f233c87fa79
                        https://github.com/libgd/libgd/commit/48bbc25
diff -urN '--exclude=cscope.*' gd-2.0.35/gd_gd2.c fixed/gd_gd2.c
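--- gd-2.0.35/gd_gd2.c	2007-01-04 13:40:48.000000000 +0100
+++ fixed/gd_gd2.c	2020-11-04 08:46:03.800937688 +0100
@@ -169,11 +169,17 @@
     {
       nc = (*ncx) * (*ncy);
       GD2_DBG (printf ("Reading %d chunk index entries\n", nc));
+      if (overflow2(sizeof(t_chunk_info), nc)) {
+		goto fail1;
+      }
       sidx = sizeof (t_chunk_info) * nc;
+      if (sidx <=0) {
+		goto fail1;
+      }
       cidx = gdCalloc (sidx, 1);
-			if (!cidx) {
-				goto fail1;
-			}
+      if (cidx == NULL) {
+		goto fail1;
+      }
       for (i = 0; i < nc; i++)
 	{
 	  if (gdGetInt (&cidx[i].offset, in) != 1)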
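Review bot: The product `nc = (*ncx) * (*ncy)` at the top of the hunk is still computed before any check, so the added `overflow2(sizeof(t_chunk_info), nc)` and `sidx <=0` tests only ever see the already-multiplied value. If both counts are plain ints read from the file header (their declarations are outside the hunk; the `%d` in the debug print suggests int), a product that wraps could leave a small positive nc that passes both tests while no longer matching the real chunk grid. Consider validating the factors before the assignment, for example `if (*ncx <= 0 || *ncy <= 0 || overflow2(*ncx, *ncy)) goto fail1;`. The enclosing function starts before the hunk and the `for` loop runs past it, so what fail1 releases is not visible here.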