[gd] fixed CVE-2009-3546 gd: insufficient input validation in _gdGetColors() Resolves: #830745

Honza Horak hhorak at fedoraproject.org
Mon Jun 11 13:57:48 UTC 2012


commit 26a4006ad66f54011316b1b6479e5357e3bc7160
Author: Honza HorĂ¡k <hhorak at redhat.com>
Date:   Mon Jun 11 15:56:49 2012 +0200

    fixed CVE-2009-3546 gd: insufficient input validation in _gdGetColors()
    Resolves: #830745

 gd-2.0.35-security3.patch |   12 ++++++++++++
 gd.spec                   |    8 +++++++-
 2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/gd-2.0.35-security3.patch b/gd-2.0.35-security3.patch
new file mode 100644
index 0000000..e15587b
--- /dev/null
+++ b/gd-2.0.35-security3.patch
@@ -0,0 +1,12 @@
+--- gd-2.0.28/gd_gd.c	2004-05-24 17:28:12.000000000 +0200
++++ gd-2.0.28_new/gd_gd.c	2009-12-08 15:19:16.159836680 +0100
+@@ -44,6 +44,9 @@
+ 	    {
+ 	      goto fail1;
+ 	    }
++	    if (im->colorsTotal > gdMaxColors) {
++	      goto fail1;
++		}
+ 	}
+       /* Int to accommodate truecolor single-color transparency */
+       if (!gdGetInt (&im->transparent, in))
diff --git a/gd.spec b/gd.spec
index b1e1bcb..080551a 100644
--- a/gd.spec
+++ b/gd.spec
@@ -1,7 +1,7 @@
 Summary:       A graphics library for quick creation of PNG or JPEG images
 Name:          gd
 Version:       2.0.35
-Release:       16%{?dist}
+Release:       17%{?dist}
 Group:         System Environment/Libraries
 License:       MIT
 URL:           http://www.libgd.org/Main_Page
@@ -15,6 +15,7 @@ Patch7:        gd-2.0.35-AALineThick.patch
 Patch8:        gd-2.0.33-BoxBound.patch
 Patch9:        gd-2.0.34-fonts.patch
 Patch10:       gd-2.0.35-time.patch
+Patch11:       gd-2.0.35-security3.patch
 BuildRoot:     %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: freetype-devel, fontconfig-devel, libX11-devel, libXpm-devel
 BuildRequires: libjpeg-devel, libpng-devel, zlib-devel, pkgconfig
@@ -61,6 +62,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
 %patch8 -p1 -b .bb
 %patch9 -p1 -b .fonts
 %patch10 -p1 -b .time
+%patch11 -p1 -b .sec3
 
 %build
 %configure --disable-rpath
@@ -99,6 +101,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/gdlib.pc
 
 %changelog
+* Mon Jun 11 2012 Honza Horak <hhorak at redhat.com> - 2.0.35-17
+- fixed CVE-2009-3546 gd: insufficient input validation in _gdGetColors()
+  Resolves: #830745
+
 * Tue Feb 28 2012 Honza Horak <hhorak at redhat.com> - 2.0.35-16
 - Fixed AALineThick.patch to display vertical lines correctly
   Resolves: #798255

