summary refs log tree commit diff
path: root/gnu/packages/patches/gd-CVE-2016-6132.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/gd-CVE-2016-6132.patch')
-rw-r--r--gnu/packages/patches/gd-CVE-2016-6132.patch55
1 files changed, 0 insertions, 55 deletions
diff --git a/gnu/packages/patches/gd-CVE-2016-6132.patch b/gnu/packages/patches/gd-CVE-2016-6132.patch
deleted file mode 100644
index 4c475b71b2..0000000000
--- a/gnu/packages/patches/gd-CVE-2016-6132.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Fix CVE-2016-6132 (read out-of-bounds when parsing TGA files).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6132
-
-Copied from upstream commit:
-https://github.com/libgd/libgd/commit/ead349e99868303b37f5e6e9d9d680c9dc71ff8d
-
-From ead349e99868303b37f5e6e9d9d680c9dc71ff8d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
-Date: Tue, 12 Jul 2016 11:24:09 +0200
-Subject: [PATCH] Fix #247, A read out-of-bands was found in the parsing of TGA
- files (CVE-2016-6132)
-
----
- src/gd_tga.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/src/gd_tga.c b/src/gd_tga.c
-index ef20f86..20fe2d2 100644
---- a/src/gd_tga.c
-+++ b/src/gd_tga.c
-@@ -237,7 +237,11 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
- 			return -1;
- 		}
- 
--		gdGetBuf(conversion_buffer, image_block_size, ctx);
-+		if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) {
-+			gd_error("gd-tga: premature end of image data\n");
-+			gdFree(conversion_buffer);
-+			return -1;
-+		}
- 
- 		while (buffer_caret < image_block_size) {
- 			tga->bitmap[buffer_caret] = (int) conversion_buffer[buffer_caret];
-@@ -257,11 +261,16 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
- 		}
- 		conversion_buffer = (unsigned char *) gdMalloc(image_block_size * sizeof(unsigned char));
- 		if (conversion_buffer == NULL) {
-+			gd_error("gd-tga: premature end of image data\n");
- 			gdFree( decompression_buffer );
- 			return -1;
- 		}
- 
--		gdGetBuf( conversion_buffer, image_block_size, ctx );
-+		if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) {
-+			gdFree(conversion_buffer);
-+			gdFree(decompression_buffer);
-+			return -1;
-+		}
- 
- 		buffer_caret = 0;
- 
--- 
-2.9.1
-