From a93eac0e843148dc2d631c3ba80af17e9c8c860f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A1bio=20Cabral=20Pacheco?= <fcabralpacheco@gmail.com> Date: Fri, 20 Dec 2019 12:03:33 -0300 Subject: [PATCH] Fix potential NULL pointer dereference in gdImageClone() --- src/gd.c | 9 +-------- tests/gdimageclone/CMakeLists.txt | 1 + tests/gdimageclone/Makemodule.am | 3 ++- tests/gdimageclone/style.c | 30 ++++++++++++++++++++++++++++++ 5 files changed, 35 insertions(+), 9 deletions(-) create mode 100644 tests/gdimageclone/style.c diff --git a/src/gd.c b/src/gd.c index 592a0286..d564d1f9 100644 --- a/src/gd.c +++ b/src/gd.c @@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { } } - if (src->styleLength > 0) { - dst->styleLength = src->styleLength; - dst->stylePos = src->stylePos; - for (i = 0; i < src->styleLength; i++) { - dst->style[i] = src->style[i]; - } - } - dst->interlace = src->interlace; dst->alphaBlendingFlag = src->alphaBlendingFlag; @@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { if (src->style) { gdImageSetStyle(dst, src->style, src->styleLength); + dst->stylePos = src->stylePos; } for (i = 0; i < gdMaxColors; i++) { diff --git a/tests/gdimageclone/CMakeLists.txt b/tests/gdimageclone/CMakeLists.txt index e6ccc318..662f4e96 100644 --- a/tests/gdimageclone/CMakeLists.txt +++ b/tests/gdimageclone/CMakeLists.txt @@ -1,5 +1,6 @@ LIST(APPEND TESTS_FILES bug00300 + style ) ADD_GD_TESTS() diff --git a/tests/gdimageclone/Makemodule.am b/tests/gdimageclone/Makemodule.am index 4b1b54c0..51abf5c1 100644 --- a/tests/gdimageclone/Makemodule.am +++ b/tests/gdimageclone/Makemodule.am @@ -1,5 +1,6 @@ libgd_test_programs += \ - gdimageclone/bug00300 + gdimageclone/bug00300 \ + gdimageclone/style EXTRA_DIST += \ gdimageclone/CMakeLists.txt diff --git a/tests/gdimageclone/style.c b/tests/gdimageclone/style.c new file mode 100644 index 00000000..c2b246ed --- /dev/null +++ b/tests/gdimageclone/style.c @@ -0,0 +1,30 @@ +/** + * Cloning an image should exactly reproduce all style related data + */ + + +#include <string.h> +#include "gd.h" +#include "gdtest.h" + + +int main() +{ + gdImagePtr im, clone; + int style[] = {0, 0, 0}; + + im = gdImageCreate(8, 8); + gdImageSetStyle(im, style, sizeof(style)/sizeof(style[0])); + + clone = gdImageClone(im); + gdTestAssert(clone != NULL); + + gdTestAssert(clone->styleLength == im->styleLength); + gdTestAssert(clone->stylePos == im->stylePos); + gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)/sizeof(style[0]))); + + gdImageDestroy(clone); + gdImageDestroy(im); + + return gdNumFailures(); +}