Fix for CVE-2016-10167
DoS vulnerability in gdImageCreateFromGd2Ctx()
Change based on commit at:
https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
--- gd_gd2.c.orig 2017-01-31 07:09:38.043472825 +0000
+++ gd_gd2.c 2017-01-31 07:40:06.395740258 +0000
@@ -414,10 +414,9 @@
{
if (!gdGetInt (&im->tpixels[y][x], in))
{
- /*printf("EOF while reading\n"); */
- /*gdImageDestroy(im); */
- /*return 0; */
- im->tpixels[y][x] = 0;
+ fprintf (stderr, "gd2: EOF while reading\n");
+ gdImageDestroy(im);
+ return NULL;
}
}
else
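Review bot: Both new early returns (this `gdGetInt` branch and the `gdGetByte` branch in the next hunk) release only `im` before `return NULL`, so any other buffer the function allocated before this loop would leak each time a truncated file is fed in. The function starts and ends outside the hunk, so this cannot be confirmed from here. If other allocations are live at this point, or the function already has a common failure path, these two branches should use it rather than returning directly. A one-line comment above the check, such as `/* truncated pixel data: fail instead of zero-filling (CVE-2016-10167) */`, would also record why the old fallback was removed.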
@@ -425,10 +424,9 @@
int ch;
if (!gdGetByte (&ch, in))
{
- /*printf("EOF while reading\n"); */
- /*gdImageDestroy(im); */
- /*return 0; */
- ch = 0;
+ fprintf (stderr, "gd2: EOF while reading\n");
+ gdImageDestroy(im);
+ return NULL;
}
im->pixels[y][x] = ch;
}
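Review bot: `fprintf (stderr, "gd2: EOF while reading\n");` makes the library write straight to the host process's stderr on attacker-supplied truncated input, which the calling application cannot filter or redirect; the same applies to the `gdGetInt` branch in the previous hunk. If this libgd version provides an error-reporting hook, both messages should go through it instead. The two messages are also identical, so a log line does not show whether the truecolor or the indexed read failed; wording such as `"gd2: EOF while reading indexed pixel\n"` here would tell them apart. The enclosing function continues outside the hunk.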