[gd] Resolves: #1076676 CVE-2014-2497 NULL pointer dereference in gdImageCreateFromXpm()
Jozef Mlich
jmlich at fedoraproject.org
Wed Jul 16 16:11:04 UTC 2014
commit 547d117bd81f7014899916bc7f9c8031748be089
Author: Jozef Mlich <jmlich at redhat.com>
Date: Wed Jul 16 18:08:46 2014 +0200
Resolves: #1076676 CVE-2014-2497 NULL pointer dereference in gdImageCreateFromXpm()
gd-2.1.0-color_c_null_pointer.patch | 18 ++++++++++++++++++
gd.spec | 8 +++++++-
2 files changed, 25 insertions(+), 1 deletions(-)
---
diff --git a/gd-2.1.0-color_c_null_pointer.patch b/gd-2.1.0-color_c_null_pointer.patch
new file mode 100644
index 0000000..95b3eeb
--- /dev/null
+++ b/gd-2.1.0-color_c_null_pointer.patch
@@ -0,0 +1,18 @@
+diff -up ./src/gdxpm.c.color_c_null_pointer ./src/gdxpm.c
+--- ./src/gdxpm.c.color_c_null_pointer 2013-06-25 11:58:23.000000000 +0200
++++ ./src/gdxpm.c 2014-07-16 16:43:44.000000000 +0200
+@@ -62,6 +62,13 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFro
+
+ for(i = 0; i < number; i++) {
+ char *c_color = image.colorTable[i].c_color;
++ if (!c_color)
++ {
++ /* unsupported color key or color key not defined */
++ gdImageDestroy(im);
++ im = 0;
++ goto done;
++ }
+ if(strcmp(c_color, "None") == 0) {
+ colors[i] = gdImageGetTransparent(im);
+ if(colors[i] == -1) colors[i] = gdImageColorAllocate(im, 0, 0, 0);
+diff -up ./x.color_c_null_pointer ./x
diff --git a/gd.spec b/gd.spec
index 82dcb4a..dd1326a 100644
--- a/gd.spec
+++ b/gd.spec
@@ -5,7 +5,7 @@
Summary: A graphics library for quick creation of PNG or JPEG images
Name: gd
Version: 2.1.0
-Release: 5%{?prever}%{?short}%{?dist}
+Release: 6%{?prever}%{?short}%{?dist}
Group: System Environment/Libraries
License: MIT
URL: http://libgd.bitbucket.org/
@@ -18,6 +18,7 @@ Source0: https://bitbucket.org/libgd/gd-libgd/downloads/libgd-%{version}%{
%endif
Patch1: gd-2.1.0-multilib.patch
Patch2: gd-fixautoconf.patch
+Patch3: gd-2.1.0-color_c_null_pointer.patch
BuildRequires: freetype-devel
BuildRequires: fontconfig-devel
@@ -75,6 +76,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
%setup -q -n libgd-%{version}%{?prever:-%{prever}}
%patch1 -p1 -b .mlib
%patch2 -p1 -b .automake
+%patch3 -p1 -b .color_c_null_pointer
# https://bitbucket.org/libgd/gd-libgd/issue/77
sed -e '/GD_VERSION_STRING/s/-alpha//' \
@@ -139,6 +141,10 @@ make check
%changelog
+* Wed Jul 16 2014 Jozef Mlich <jmlich at redhat.com> - 2.1.0-6
+- Resolves: #1076676 CVE-2014-2497
+ NULL pointer dereference in gdImageCreateFromXpm()
+
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
More information about the scm-commits
mailing list