diff options
Diffstat (limited to 'gnu/packages/patches/gd-CVE-2018-1000222.patch')
-rw-r--r-- | gnu/packages/patches/gd-CVE-2018-1000222.patch | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/gnu/packages/patches/gd-CVE-2018-1000222.patch b/gnu/packages/patches/gd-CVE-2018-1000222.patch deleted file mode 100644 index 7e94295bb6..0000000000 --- a/gnu/packages/patches/gd-CVE-2018-1000222.patch +++ /dev/null @@ -1,87 +0,0 @@ -Fix CVE-2018-1000222: - -https://github.com/libgd/libgd/issues/447 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222 - -Patch copied from upstream source repository: - -https://github.com/libgd/libgd/commit/4b1e18a00ce7c4b7e6919c3b3109a034393b805a - -From 4b1e18a00ce7c4b7e6919c3b3109a034393b805a Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier@gentoo.org> -Date: Sat, 14 Jul 2018 13:54:08 -0400 -Subject: [PATCH] bmp: check return value in gdImageBmpPtr - -Closes #447. - -(cherry picked from commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5) ---- - src/gd_bmp.c | 17 ++++++++++++++--- - 1 file changed, 14 insertions(+), 3 deletions(-) - -diff --git a/src/gd_bmp.c b/src/gd_bmp.c -index ccafdcd..d625da1 100644 ---- a/src/gd_bmp.c -+++ b/src/gd_bmp.c -@@ -48,6 +48,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp - static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header); - static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info); - -+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression); -+ - #define BMP_DEBUG(s) - - static int gdBMPPutWord(gdIOCtx *out, int w) -@@ -88,8 +90,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression) - void *rv; - gdIOCtx *out = gdNewDynamicCtx(2048, NULL); - if (out == NULL) return NULL; -- gdImageBmpCtx(im, out, compression); -- rv = gdDPExtractData(out, size); -+ if (!_gdImageBmpCtx(im, out, compression)) -+ rv = gdDPExtractData(out, size); -+ else -+ rv = NULL; - out->gd_free(out); - return rv; - } -@@ -142,6 +146,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression) - compression - whether to apply RLE or not. - */ - BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) -+{ -+ _gdImageBmpCtx(im, out, compression); -+} -+ -+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - { - int bitmap_size = 0, info_size, total_size, padding; - int i, row, xpos, pixel; -@@ -149,6 +158,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL; - FILE *tmpfile_for_compression = NULL; - gdIOCtxPtr out_original = NULL; -+ int ret = 1; - - /* No compression if its true colour or we don't support seek */ - if (im->trueColor) { -@@ -326,6 +336,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - out_original = NULL; - } - -+ ret = 0; - cleanup: - if (tmpfile_for_compression) { - #ifdef _WIN32 -@@ -339,7 +350,7 @@ cleanup: - if (out_original) { - out_original->gd_free(out_original); - } -- return; -+ return ret; - } - - static int compress_row(unsigned char *row, int length) --- -2.18.0 - |