Ondrej Dubaj dc2735f5a8 Potential double-free in gdImage*Ptr()
Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we
must not call `gdDPExtractData()`; otherwise a double-free would
happen.  Since `gdImage*Ctx()` are void functions, and we can't change
that for BC reasons, we're introducing static helpers which are used
internally.

We're adding a regression test for `gdImageJpegPtr()`, but not for
`gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to
trigger failure of the respective `gdImage*Ctx()` calls.

This potential security issue has been reported by Solmaz Salimi (aka.
Rooney).
2019-11-01 09:21:22 +01:00
.gitignore
gd-2.1.0-multilib.patch
gd-2.2.5-gdImageBmpPtr-double-free.patch
gd-2.2.5-heap-based-buffer-overflow.patch Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() 2019-11-01 09:19:30 +01:00
gd-2.2.5-potential-double-free.patch Potential double-free in gdImage*Ptr() 2019-11-01 09:21:22 +01:00
gd-2.2.5-upstream.patch
gd.spec Potential double-free in gdImage*Ptr() 2019-11-01 09:21:22 +01:00
sources