Package: libgd2 / 2.0.36~rc1~dfsg-6.1+deb7u2

0007_gd2-handle-corrupt-images-better-CVE-2016-3074.patch
Description: gd2: handle corrupt images better (CVE-2016-3074)
Origin: backport, https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
Bug-Debian: https://bugs.debian.org/822242
Forwarded: not-needed
Author: Mike Frysinger <vapier@gentoo.org>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2016-04-23

---

--- a/gd_gd2.c
+++ b/gd_gd2.c
@@ -178,12 +178,14 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, i
 	{
 	  if (gdGetInt (&cidx[i].offset, in) != 1)
 	    {
-	      goto fail1;
+	      goto fail2;
 	    };
 	  if (gdGetInt (&cidx[i].size, in) != 1)
 	    {
-	      goto fail1;
+	      goto fail2;
 	    };
+	  if (cidx[i].offset < 0 || cidx[i].size < 0)
+	      goto fail2;
 	};
       *chunkIdx = cidx;
     };
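Review bot: The added check `if (cidx[i].offset < 0 || cidx[i].size < 0)` puts only a lower bound on two values read straight from the image file. A large positive offset or size still passes, so whatever later seeks to the offset and reads `size` bytes (outside this hunk) has to bound them against its own buffer and the stream length; that cannot be confirmed from the lines shown. Once verified, a comment at the check would record the split, e.g. `/* offset/size are file-controlled: negatives rejected here, upper bounds enforced by the chunk reader */`. The new `if` also omits the braces that every other branch in this loop uses. _gd2GetHeader begins above this hunk.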
@@ -192,6 +194,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, i
 
   return 1;
 
+fail2:
+  gdFree(cidx);
 fail1:
   return 0;
 }
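Review bot: The `fail2` label depends on falling through into `fail1` and on `cidx` not yet having been stored in `*chunkIdx`. That holds for the two `goto fail2` sites in this patch because the assignment comes after the loop, but nothing at the label says so. A one-line comment would keep the invariant visible: `/* cidx is still private to this function here; free it, then fall through */`. The declaration of `cidx` is outside the hunk; if it has no initializer, a later `goto fail2` placed before the allocation would free an indeterminate pointer, so initializing it to NULL is worth checking.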