diff options
Diffstat (limited to 'meta-oe/recipes-devtools/php/php/CVE-2018-5711.patch')
-rw-r--r-- | meta-oe/recipes-devtools/php/php/CVE-2018-5711.patch | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2018-5711.patch b/meta-oe/recipes-devtools/php/php/CVE-2018-5711.patch deleted file mode 100644 index 596244d6ba..0000000000 --- a/meta-oe/recipes-devtools/php/php/CVE-2018-5711.patch +++ /dev/null @@ -1,56 +0,0 @@ -From b04cd19b76374ebce8f3326275bdfd7e9b9aeab5 Mon Sep 17 00:00:00 2001 -From: Li Zhou <li.zhou@windriver.com> -Date: Sun, 11 Feb 2018 15:03:21 +0800 -Subject: [PATCH] Fixed bug #75571: Potential infinite loop in - gdImageCreateFromGifCtx - -Due to a signedness confusion in `GetCode_` a corrupt GIF file can -trigger an infinite loop. Furthermore we make sure that a GIF without -any palette entries is treated as invalid *after* open palette entries -have been removed. - -Upstream-Status: Backport -CVE: CVE-2018-5711 -Signed-off-by: Li Zhou <li.zhou@windriver.com> ---- - ext/gd/libgd/gd_gif_in.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/ext/gd/libgd/gd_gif_in.c b/ext/gd/libgd/gd_gif_in.c -index 76ba152..7156e4b 100644 ---- a/ext/gd/libgd/gd_gif_in.c -+++ b/ext/gd/libgd/gd_gif_in.c -@@ -261,10 +261,6 @@ terminated: - if (!im) { - return 0; - } -- if (!im->colorsTotal) { -- gdImageDestroy(im); -- return 0; -- } - /* Check for open colors at the end, so - we can reduce colorsTotal and ultimately - BitsPerPixel */ -@@ -275,6 +271,10 @@ terminated: - break; - } - } -+ if (!im->colorsTotal) { -+ gdImageDestroy(im); -+ return 0; -+ } - return im; - } - /* }}} */ -@@ -375,7 +375,7 @@ static int - GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP) - { - int i, j, ret; -- unsigned char count; -+ int count; - - if (flag) { - scd->curbit = 0; --- -1.9.1 - |