upstream/oracle/userland-gate: changeset 4259:03635257972b

summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gd2/patches/005-CVE-2014-9709.patch	Thu May 07 10:31:56 2015 -0700
@@ -0,0 +1,33 @@
+# External patch:
+# https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43
+# Backported to GD2 Version 2.0.35
+--- gd_gif_in.c	2007-06-14 12:51:41.000000000 -0700
++++ gd_gif_in.c	2015-04-06 11:11:40.591453962 -0700
+@@ -70,8 +70,10 @@
+ 
+ #define STACK_SIZE ((1<<(MAX_LWZ_BITS))*2)
+ 
++#define CSD_BUF_SIZE 280
++
+ typedef struct {
+-	unsigned char    buf[280];
++	unsigned char    buf[CSD_BUF_SIZE];
+ 	int              curbit, lastbit, done, last_byte;
+ } CODE_STATIC_DATA;
+ 
+@@ -380,8 +382,14 @@
+        }
+ 
+        ret = 0;
+-       for (i = scd->curbit, j = 0; j < code_size; ++i, ++j)
++       for (i = scd->curbit, j = 0; j < code_size; ++i, ++j) {
++         if (i < CSD_BUF_SIZE * 8) {
+                ret |= ((scd->buf[ i / 8 ] & (1 << (i % 8))) != 0) << j;
++         } else {
++           ret = -1;
++           break;
++         }
++       }
+ 
+        scd->curbit += code_size;
+        return ret;

author	Stefan Teleman <stefan.teleman@oracle.com>
	Thu, 07 May 2015 10:31:56 -0700
branch	s11-update
changeset 4259	03635257972b
parent 4258	e6c70ecb57e7
child 4260	2e8216bbbb72