author | Craig Mohrman <craig.mohrman@oracle.com> |
Thu, 12 Feb 2015 10:14:29 -0800 | |
branch | s11-update |
changeset 3777 | 68aef260e079 |
permissions | -rw-r--r-- |
3777
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
1 |
Fix for CVE-2014-2497 |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
2 |
Patch: |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
3 |
http://git.php.net/?p=php-src.git;a=patch;h=cf4753691dc55999373d1c576f62ecb298723420 |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
4 |
Code: |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
5 |
http://git.php.net/?p=php-src.git;a=commit;h=cf4753691dc55999373d1c576f62ecb298723420 |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
6 |
Verified by hand that it patches the correct code. |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
7 |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
8 |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
9 |
diff --git a/ext/gd/libgd/gdxpm.c b/ext/gd/libgd/gdxpm.c |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
10 |
index 73f86e5..b69414e 100644 |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
11 |
--- a/ext/gd/libgd/gdxpm.c |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
12 |
+++ b/ext/gd/libgd/gdxpm.c |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
13 |
@@ -31,12 +31,17 @@ gdImagePtr gdImageCreateFromXpm (char *filename) |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
14 |
if (ret != XpmSuccess) { |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
15 |
return 0; |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
16 |
} |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
17 |
+ number = image.ncolors; |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
18 |
+ for(i = 0; i < number; i++) { |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
19 |
+ if (!image.colorTable[i].c_color) { |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
20 |
+ goto done; |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
21 |
+ } |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
22 |
+ } |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
23 |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
24 |
if (!(im = gdImageCreate(image.width, image.height))) { |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
25 |
goto done; |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
26 |
} |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
27 |
|
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
28 |
- number = image.ncolors; |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
29 |
colors = (int *) safe_emalloc(number, sizeof(int), 0); |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
30 |
for (i = 0; i < number; i++) { |
68aef260e079
19838509 upgrade php to version 5.3.29
Craig Mohrman <craig.mohrman@oracle.com>
parents:
diff
changeset
|
31 |
switch (strlen (image.colorTable[i].c_color)) { |