| From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001 |
| From: Remi Collet <fedora@famillecollet.com> |
| Date: Mon, 4 Aug 2014 10:31:25 +0200 |
| Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126 |
| |
| --- |
| src/gdxpm.c | 10 ++++++++++ |
| 1 file changed, 10 insertions(+) |
| |
| diff --git a/src/gdxpm.c b/src/gdxpm.c |
| index ae6e336..15603a6 100644 |
| --- a/src/gdxpm.c |
| +++ b/src/gdxpm.c |
| @@ -83,6 +83,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXpm(char *filename) |
| if(overflow2(sizeof(int), number)) { |
| goto done; |
| } |
| + for(i = 0; i < number; i++) { |
| + /* |
| + avoid NULL pointer dereference |
| + TODO better fix need to manage monochrome/monovisual |
| + see m_color or g4_color or g_color |
| + */ |
| + if (!image.colorTable[i].c_color) { |
| + goto done; |
| + } |
| + } |
| |
| colors = (int *)gdMalloc(sizeof(int) * number); |
| if(colors == NULL) { |
| -- |
| 1.8.5.2 |
| |