Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/php-5_3/php-sapi/patches/190_php_18857741.patch
branchs11-update
changeset 3777 68aef260e079 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/190_php_18857741.patch	Thu Feb 12 10:14:29 2015 -0800
@@ -0,0 +1,31 @@
+Fix for CVE-2014-2497
+Patch:
+http://git.php.net/?p=php-src.git;a=patch;h=cf4753691dc55999373d1c576f62ecb298723420
+Code:
+http://git.php.net/?p=php-src.git;a=commit;h=cf4753691dc55999373d1c576f62ecb298723420
+Verified by hand that it patches the correct code.
+
+
+diff --git a/ext/gd/libgd/gdxpm.c b/ext/gd/libgd/gdxpm.c
+index 73f86e5..b69414e 100644
+--- a/ext/gd/libgd/gdxpm.c
++++ b/ext/gd/libgd/gdxpm.c
+@@ -31,12 +31,17 @@ gdImagePtr gdImageCreateFromXpm (char *filename)
+ 	if (ret != XpmSuccess) {
+ 		return 0;
+ 	}
++	number = image.ncolors;
++	for(i = 0; i < number; i++) {
++		if (!image.colorTable[i].c_color) {
++			goto done;
++		}
++	}
+ 
+ 	if (!(im = gdImageCreate(image.width, image.height))) {
+ 		goto done;
+ 	}
+ 
+-	number = image.ncolors;
+ 	colors = (int *) safe_emalloc(number, sizeof(int), 0);
+ 	for (i = 0; i < number; i++) {
+ 		switch (strlen (image.colorTable[i].c_color)) {
upstream/oracle/userland-gate