equal
deleted
inserted
replaced
|
1 Fix for CVE-2014-2497 |
|
2 Patch: |
|
3 http://git.php.net/?p=php-src.git;a=patch;h=cf4753691dc55999373d1c576f62ecb298723420 |
|
4 Code: |
|
5 http://git.php.net/?p=php-src.git;a=commit;h=cf4753691dc55999373d1c576f62ecb298723420 |
|
6 Verified by hand that it patches the correct code. |
|
7 |
|
8 |
|
9 diff --git a/ext/gd/libgd/gdxpm.c b/ext/gd/libgd/gdxpm.c |
|
10 index 73f86e5..b69414e 100644 |
|
11 --- a/ext/gd/libgd/gdxpm.c |
|
12 +++ b/ext/gd/libgd/gdxpm.c |
|
13 @@ -31,12 +31,17 @@ gdImagePtr gdImageCreateFromXpm (char *filename) |
|
14 if (ret != XpmSuccess) { |
|
15 return 0; |
|
16 } |
|
17 + number = image.ncolors; |
|
18 + for(i = 0; i < number; i++) { |
|
19 + if (!image.colorTable[i].c_color) { |
|
20 + goto done; |
|
21 + } |
|
22 + } |
|
23 |
|
24 if (!(im = gdImageCreate(image.width, image.height))) { |
|
25 goto done; |
|
26 } |
|
27 |
|
28 - number = image.ncolors; |
|
29 colors = (int *) safe_emalloc(number, sizeof(int), 0); |
|
30 for (i = 0; i < number; i++) { |
|
31 switch (strlen (image.colorTable[i].c_color)) { |