summary refs log tree commit diff
path: root/gnu/packages/patches/gd-CVE-2019-6977.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/gd-CVE-2019-6977.patch')
-rw-r--r--gnu/packages/patches/gd-CVE-2019-6977.patch36
1 files changed, 0 insertions, 36 deletions
diff --git a/gnu/packages/patches/gd-CVE-2019-6977.patch b/gnu/packages/patches/gd-CVE-2019-6977.patch
deleted file mode 100644
index b21a8ac619..0000000000
--- a/gnu/packages/patches/gd-CVE-2019-6977.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2019-6977:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977
-
-Patch copied from Debian:
-
-https://salsa.debian.org/debian/libgd2/commit/2d7d3b68bb79843e5271a05543e996fd5a3a8cd1
-
-Description: Heap-based buffer overflow in gdImageColorMatch
-Origin: other, https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
-Bug-PHP: https://bugs.php.net/bug.php?id=77270
-Bug-Debian: https://bugs.debian.org/920645
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-6977
-Forwarded: no
-Author: "Christoph M. Becker" <cmbecker69@gmx.de>
-Last-Update: 2019-02-01
-
-At least some of the image reading functions may return images which
-use color indexes greater than or equal to im->colorsTotal.  We cater
-to this by always using a buffer size which is sufficient for
-`gdMaxColors` in `gdImageColorMatch()`.
----
-
---- a/src/gd_color_match.c
-+++ b/src/gd_color_match.c
-@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdIm
- 		return -4; /* At least 1 color must be allocated */
- 	}
- 
--	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal);
--	memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
-+	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors);
-+	memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );
- 
- 	for (x=0; x < im1->sx; x++) {
- 		for( y=0; y<im1->sy; y++ ) {