Package: libgd2 / 2.0.36~rc1~dfsg-6.1+deb7u2

0005_CVE-2014-2497.patch Patch series | download
From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Mon, 4 Aug 2014 10:31:25 +0200
Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126

--- a/gdxpm.c
+++ b/gdxpm.c
@@ -43,10 +43,16 @@
   if (ret != XpmSuccess)
     return 0;
 
+  number = image.ncolors;
+  for(i = 0; i < number; i++) {
+    if (!image.colorTable[i].c_color) {
+      return 0;
+    }
+  }
+
   if (!(im = gdImageCreate (image.width, image.height)))
     return 0;
 
-  number = image.ncolors;
 	if (overflow2(sizeof (int), number)) {
 		return 0;
 	}
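Review bot: The added `return 0;` inside the colour-table loop runs after the Xpm read has already reported `XpmSuccess`, so the parsed `image` is abandoned rather than released on this rejection path, as far as the hunk shows. Because the check exists to reject malformed XPM input, a caller that processes many such files would leak the colour table and pixel data each time. I would free it before returning, e.g. `XpmFreeXpmImage(&image);` directly above the `return 0;`, and add a short comment such as `/* c_color may be NULL for entries without a colour key; reject before it is dereferenced */`. The `overflow2` return in the context lines has the same shape and additionally leaves `im` allocated. The function starts and ends outside the hunk, so any cleanup done elsewhere should be confirmed.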