Diffstat (limited to 'user/libgd/CVE-2019-6977.patch')
-rw-r--r-- | user/libgd/CVE-2019-6977.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/user/libgd/CVE-2019-6977.patch b/user/libgd/CVE-2019-6977.patch
new file mode 100644
index 000000000..4cfb9ab98
--- /dev/null
+++ b/user/libgd/CVE-2019-6977.patch
@@ -0,0 +1,21 @@
+Bug: https://bts.adelielinux.org/show_bug.cgi?id=159
+Backported-From: http://git.php.net/?p=php-src.git;a=commit;h=7a12dad4dd6c370835b13afae214b240082c7538
+Author: A. Wilcox <awilfox@adelielinux.org>
+Bug: https://bugs.php.net/bug.php?id=77270
+Author: Christoph M. Becker <cmbecker69@gmx.de>
+Committer: Stanislav Malyshev <stas@php.net>
+Upstream-Status: unknown
+
+--- libgd-2.2.5/src/gd_color_match.c.old 2017-08-30 11:05:54.000000000 +0000
++++ libgd-2.2.5/src/gd_color_match.c 2019-10-03 16:17:55.842322245 +0000
+@@ -31,8 +31,8 @@
+ return -4; /* At least 1 color must be allocated */
+ }
+
+- buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal);
+- memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
++ buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors);
++ memset( buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );
+
+ for (x=0; x < im1->sx; x++) {
+ for( y=0; y<im1->sy; y++ ) {
|
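Review bot: The result of gdMalloc() in the embedded gd_color_match.c hunk is passed straight to memset() on the next added line, so an allocation failure becomes a NULL write. A guard such as `if (!buf) return -5;` belongs between the two lines; the error value shown is a placeholder, since the function's other return codes and its callers are outside the hunk. The new size also deserves a why-comment, for example `/* sized for gdMaxColors rather than im2->colorsTotal so any palette index stays inside buf (CVE-2019-6977) */`. The indexing of buf happens in the loop body below the hunk, so that rationale is inferred from the CVE reference rather than from visible lines. The enclosing function starts and ends outside the hunk.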