
gd-2.0.33-9.4.el5_4.2.src.rpm

diff -u gd-2.0.28/gd.c gd-2.0.28/gd.c
--- gd-2.0.28/gd.c	2004-11-02 17:47:12.977824069 +0100
+++ gd-2.0.28/gd.c	2006-01-20 11:14:42.000000000 +0100
@@ -73,6 +73,11 @@
   gdImagePtr im;
   im = (gdImage *) gdMalloc (sizeof (gdImage));
   memset (im, 0, sizeof (gdImage));
+  if (overflow2(sizeof (unsigned char *), sy))
+  {
+    gdFree(im);
+    return NULL;
+  }
   /* Row-major ever since gd 1.3 */
   im->pixels = (unsigned char **) gdMalloc (sizeof (unsigned char *) * sy);
   im->polyInts = 0;
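Review bot: The context line `memset (im, 0, sizeof (gdImage));` dereferences the result of `gdMalloc` with no NULL check, so an allocation failure faults before the new `overflow2` guard is reached; add `if (!im) return NULL;` directly after the allocation. The guard bounds only the row-pointer array (`sizeof (unsigned char *) * sy`), so any per-row allocation sized from the image width later in the function needs its own check. The result of the `im->pixels` allocation is not tested in the visible lines either. The function starts and ends outside the hunk, so those later checks may already exist.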
@@ -2586,6 +2591,9 @@
 	{
 	  im->polyAllocated *= 2;
 	}
+      if (overflow2(sizeof (int), im->polyAllocated)) {
+        return;
+      }
       im->polyInts = (int *) gdRealloc (im->polyInts,
 					sizeof (int) * im->polyAllocated);
     }
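Review bot: The early `return` after the `overflow2` check leaves `im->polyAllocated` already doubled while `im->polyInts` still points at the old, smaller buffer, so a later call that compares its point count against `im->polyAllocated` could skip the reallocation and write past the end of that buffer. Grow a local copy of the count and commit it to `im->polyAllocated` only after `gdRealloc` has succeeded, which also avoids losing the old pointer when `gdRealloc` fails. Because `im->polyAllocated *= 2` runs before the check, the multiplication can itself overflow first if the field is a signed int. The loop header and the enclosing function are outside the hunk, so the names `grown` and `tmp` below are constructed for illustration.

```c
/* … unchanged: doubling loop, applied to a local `grown` instead of im->polyAllocated … */
      if (overflow2(sizeof (int), grown)) {
        return;
      }
      tmp = (int *) gdRealloc (im->polyInts, sizeof (int) * grown);
      if (tmp == NULL) {
        return;
      }
      im->polyInts = tmp;
      im->polyAllocated = grown;
```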
only in patch2:
unchanged:
--- gd-2.0.28/gdxpm.c.security	2006-01-20 11:14:52.000000000 +0100
+++ gd-2.0.28/gdxpm.c	2006-01-20 11:15:26.000000000 +0100
@@ -48,6 +48,9 @@
     return 0;
 
   number = image.ncolors;
+  if (overflow2(sizeof (int), number)) {
+    return 0;
+  }
   colors = (int *) gdMalloc (sizeof (int) * number);
   if (colors == NULL)
     return (0);
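Review bot: The new `return 0;` exits after `image` has already been populated (the code reads `image.ncolors`), so if that structure owns heap data from a parser call outside the hunk, this path returns without releasing it. The existing `colors == NULL` path has the same shape, so both should free `image` before returning if that is the case. It is also worth confirming the type of `number`: if `image.ncolors` is unsigned and `number` is a signed int, a large colour count from a crafted file becomes negative in the assignment, and the guard then relies on `overflow2` rejecting negative arguments, which is not visible here. The function body continues outside the hunk.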