gd/gd-2.1.1-CVE-2015-8874.patch

32 lines
785 B
Diff
Raw Normal View History

From 4d29684fd4ddbd6bb4dbde805f0fdaa84b0f66f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Fri, 20 May 2016 09:39:38 +0200
Subject: [PATCH] CVE-2015-8874
---
src/gd.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/gd.c b/src/gd.c
index 300dfce..0603247 100644
--- a/src/gd.c
+++ b/src/gd.c
@@ -1938,6 +1938,17 @@ BGD_DECLARE(void) gdImageFillToBorder (gdImagePtr im, int x, int y, int border,
restoreAlphaBleding = im->alphaBlendingFlag;
im->alphaBlendingFlag = 0;
+ if (x >= im->sx) {
+ x = im->sx - 1;
+ } else if (x < 0) {
+ x = 0;
+ }
+ if (y >= im->sy) {
+ y = im->sy - 1;
+ } else if (y < 0) {
+ y = 0;
+ }
+
for (i = x; (i >= 0); i--) {
if (gdImageGetPixel (im, i, y) == border) {
break;