1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
|
From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Mon, 4 Aug 2014 10:31:25 +0200
Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126
--- a/gdxpm.c
+++ b/gdxpm.c
@@ -43,10 +43,16 @@
if (ret != XpmSuccess)
return 0;
+ number = image.ncolors;
+ for(i = 0; i < number; i++) {
+ if (!image.colorTable[i].c_color) {
+ return 0;
+ }
+ }
+
if (!(im = gdImageCreate (image.width, image.height)))
return 0;
- number = image.ncolors;
if (overflow2(sizeof (int), number)) {
return 0;
}
|