blob: 54ef22cb628632f858ec52ddc0f00af66b4c1738 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
From 6ab531ef0d82efb9e00236ee5ea23928335d221f Mon Sep 17 00:00:00 2001
From: Catalin Enache <catalin.enache@windriver.com>
Date: Fri, 7 Apr 2017 12:30:22 +0300
Subject: [PATCH] Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
We must not pretend that there are image data if there are none. Instead
we fail reading the image file gracefully.
Upstream-Status: Backport
CVE: CVE-2016-10167
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
---
src/gd_gd2.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/gd_gd2.c b/src/gd_gd2.c
index 8df93c1..bae65ea 100644
--- a/src/gd_gd2.c
+++ b/src/gd_gd2.c
@@ -445,18 +445,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGd2Ctx (gdIOCtxPtr in)
if (im->trueColor) {
if (!gdGetInt (&im->tpixels[y][x], in)) {
- /*printf("EOF while reading\n"); */
- /*gdImageDestroy(im); */
- /*return 0; */
- im->tpixels[y][x] = 0;
+ gd_error("gd2: EOF while reading\n");
+ gdImageDestroy(im);
+ return NULL;
}
} else {
int ch;
if (!gdGetByte (&ch, in)) {
- /*printf("EOF while reading\n"); */
- /*gdImageDestroy(im); */
- /*return 0; */
- ch = 0;
+ gd_error("gd2: EOF while reading\n");
+ gdImageDestroy(im);
+ return NULL;
}
im->pixels[y][x] = ch;
}
--
2.10.2
|
