aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/gd/gd/CVE-2016-10167.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-oe/recipes-support/gd/gd/CVE-2016-10167.patch')
-rw-r--r--meta-oe/recipes-support/gd/gd/CVE-2016-10167.patch48
1 files changed, 48 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/gd/gd/CVE-2016-10167.patch b/meta-oe/recipes-support/gd/gd/CVE-2016-10167.patch
new file mode 100644
index 0000000000..54ef22cb62
--- /dev/null
+++ b/meta-oe/recipes-support/gd/gd/CVE-2016-10167.patch
@@ -0,0 +1,48 @@
+From 6ab531ef0d82efb9e00236ee5ea23928335d221f Mon Sep 17 00:00:00 2001
+From: Catalin Enache <catalin.enache@windriver.com>
+Date: Fri, 7 Apr 2017 12:30:22 +0300
+Subject: [PATCH] Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
+
+We must not pretend that there are image data if there are none. Instead
+we fail reading the image file gracefully.
+
+Upstream-Status: Backport
+CVE: CVE-2016-10167
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ src/gd_gd2.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index 8df93c1..bae65ea 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -445,18 +445,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGd2Ctx (gdIOCtxPtr in)
+
+ if (im->trueColor) {
+ if (!gdGetInt (&im->tpixels[y][x], in)) {
+- /*printf("EOF while reading\n"); */
+- /*gdImageDestroy(im); */
+- /*return 0; */
+- im->tpixels[y][x] = 0;
++ gd_error("gd2: EOF while reading\n");
++ gdImageDestroy(im);
++ return NULL;
+ }
+ } else {
+ int ch;
+ if (!gdGetByte (&ch, in)) {
+- /*printf("EOF while reading\n"); */
+- /*gdImageDestroy(im); */
+- /*return 0; */
+- ch = 0;
++ gd_error("gd2: EOF while reading\n");
++ gdImageDestroy(im);
++ return NULL;
+ }
+ im->pixels[y][x] = ch;
+ }
+--
+2.10.2
+