Author: qboosh Date: Sun Mar 5 14:22:26 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- overflow fixes (from FC)
---- Files affected:
SOURCES:
gd-security.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/gd-security.patch
diff -u /dev/null SOURCES/gd-security.patch:1.1
--- /dev/null Sun Mar 5 15:22:26 2006
+++ SOURCES/gd-security.patch Sun Mar 5 15:22:21 2006
@@ -0,0 +1,39 @@
+diff -u gd-2.0.28/gd.c gd-2.0.28/gd.c
+--- gd-2.0.28/gd.c 2004-11-02 17:47:12.977824069 +0100
++++ gd-2.0.28/gd.c 2006-01-20 11:14:42.000000000 +0100
+@@ -73,6 +73,11 @@
+ gdImagePtr im;
+ im = (gdImage *) gdMalloc (sizeof (gdImage));
+ memset (im, 0, sizeof (gdImage));
++ if (overflow2(sizeof (unsigned char *), sy))
++ {
++ gdFree(im);
++ return NULL;
++ }
+ /* Row-major ever since gd 1.3 */
+ im->pixels = (unsigned char **) gdMalloc (sizeof (unsigned char *) * sy);
+ im->polyInts = 0;
+@@ -2586,6 +2591,9 @@
+ {
+ im->polyAllocated *= 2;
+ }
++ if (overflow2(sizeof (int), im->polyAllocated)) {
++ return;
++ }
+ im->polyInts = (int *) gdRealloc (im->polyInts,
+ sizeof (int) * im->polyAllocated);
+ }
+only in patch2:
+unchanged:
+--- gd-2.0.28/gdxpm.c.security 2006-01-20 11:14:52.000000000 +0100
++++ gd-2.0.28/gdxpm.c 2006-01-20 11:15:26.000000000 +0100
+@@ -48,6 +48,9 @@
+ return 0;
+
+ number = image.ncolors;
++ if (overflow2(sizeof (int), number)) {
++ return 0;
++ }
+ colors = (int *) gdMalloc (sizeof (int) * number);
+ if (colors == NULL)
+ return (0);
================================================================
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
