components/php-5_3/php-sapi/patches/190_php_18857741.patch
author Craig Mohrman <craig.mohrman@oracle.com>
Tue, 16 Jun 2015 14:11:47 -0700
changeset 4494 f5b717124172
parent 3727 425608dcd0e3
permissions -rw-r--r--
20192108 problem in UTILITY/PHP 20231115 problem in UTILITY/PHP 20936509 problem in UTILITY/PHP 20804024 problem in UTILITY/PHP 20804061 problem in UTILITY/PHP 20804135 problem in UTILITY/PHP 20804363 problem in UTILITY/PHP 20804424 problem in UTILITY/PHP 20433657 problem in UTILITY/PHP 20803998 problem in UTILITY/PHP 20804391 problem in UTILITY/PHP

Fix for CVE-2014-2497
Patch:
http://git.php.net/?p=php-src.git;a=patch;h=cf4753691dc55999373d1c576f62ecb298723420
Code:
http://git.php.net/?p=php-src.git;a=commit;h=cf4753691dc55999373d1c576f62ecb298723420
Verified by hand that it patches the correct code.


diff --git a/ext/gd/libgd/gdxpm.c b/ext/gd/libgd/gdxpm.c
index 73f86e5..b69414e 100644
--- a/ext/gd/libgd/gdxpm.c
+++ b/ext/gd/libgd/gdxpm.c
@@ -31,12 +31,17 @@ gdImagePtr gdImageCreateFromXpm (char *filename)
 	if (ret != XpmSuccess) {
 		return 0;
 	}
+	number = image.ncolors;
+	for(i = 0; i < number; i++) {
+		if (!image.colorTable[i].c_color) {
+			goto done;
+		}
+	}
 
 	if (!(im = gdImageCreate(image.width, image.height))) {
 		goto done;
 	}
 
-	number = image.ncolors;
 	colors = (int *) safe_emalloc(number, sizeof(int), 0);
 	for (i = 0; i < number; i++) {
 		switch (strlen (image.colorTable[i].c_color)) {
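Review bot: The new `goto done` in the NULL `c_color` check runs before `im` is assigned by gdImageCreate(), so this early exit is only safe if `im` is initialised to a null pointer at its declaration and the `done:` label copes with a null image. Both are outside this hunk and should be confirmed, because otherwise a malformed XPM would hand the caller an indeterminate pointer instead of a clean failure. The pre-validation loop also deserves a one-line comment saying why it exists, for example `/* reject colour entries with no c_color string: strlen() below would dereference NULL (CVE-2014-2497) */`. As a style point, `for(i = 0; ...` should be written `for (i = 0; ...` to match the existing loop a few lines further down. gdImageCreateFromXpm starts and ends outside the hunk.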