Added missing patches.
This commit is contained in:
parent
1bd3819e67
commit
9db5e2bdaa
|
@ -0,0 +1,27 @@
|
||||||
|
From 4751b606fa38edc456d627140898a7ec679fcc24 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vladimir Mitrovic <vladimir.x.mitrovic@gmail.com>
|
||||||
|
Date: Wed, 5 Aug 2015 03:01:06 +0200
|
||||||
|
Subject: [PATCH] gdImageScaleTwoPass memory leak fix
|
||||||
|
|
||||||
|
Fixing memory leak in gdImageScaleTwoPass, as reported by @cmb69 and
|
||||||
|
confirmed by @vapier. This bug actually bit me in production and I'm
|
||||||
|
very thankful that it was reported with an easy fix.
|
||||||
|
|
||||||
|
Fixes #173.
|
||||||
|
---
|
||||||
|
src/gd_interpolation.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/gd_interpolation.c b/src/gd_interpolation.c
|
||||||
|
index fcc11e6..f00c946 100644
|
||||||
|
--- a/src/gd_interpolation.c
|
||||||
|
+++ b/src/gd_interpolation.c
|
||||||
|
@@ -1087,7 +1087,7 @@ gdImageScaleTwoPass(const gdImagePtr src, const unsigned int new_width,
|
||||||
|
}/* if */
|
||||||
|
|
||||||
|
if (src != tmp_im) {
|
||||||
|
- gdFree(tmp_im);
|
||||||
|
+ gdImageDestroy(tmp_im);
|
||||||
|
}/* if */
|
||||||
|
|
||||||
|
return dst;
|
|
@ -0,0 +1,89 @@
|
||||||
|
From 4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Mike Frysinger <vapier@gentoo.org>
|
||||||
|
Date: Sat, 14 May 2016 01:38:18 -0400
|
||||||
|
Subject: [PATCH] xbm: avoid stack overflow (read) with large names #211
|
||||||
|
|
||||||
|
We use the name passed in to printf into a local stack buffer which is
|
||||||
|
limited to 4000 bytes. So given a large enough value, lots of stack
|
||||||
|
data is leaked. Rewrite the code to do simple memory copies with most
|
||||||
|
of the strings to avoid that issue, and only use stack buffer for small
|
||||||
|
numbers of constant size.
|
||||||
|
|
||||||
|
This closes #211.
|
||||||
|
---
|
||||||
|
src/gd_xbm.c | 34 +++++++++++++++++++++++++++-------
|
||||||
|
1 file changed, 27 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/gd_xbm.c b/src/gd_xbm.c
|
||||||
|
index 74d839b..d28fdfc 100644
|
||||||
|
--- a/src/gd_xbm.c
|
||||||
|
+++ b/src/gd_xbm.c
|
||||||
|
@@ -180,7 +180,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd)
|
||||||
|
/* {{{ gdCtxPrintf */
|
||||||
|
static void gdCtxPrintf(gdIOCtx * out, const char *format, ...)
|
||||||
|
{
|
||||||
|
- char buf[4096];
|
||||||
|
+ char buf[1024];
|
||||||
|
int len;
|
||||||
|
va_list args;
|
||||||
|
|
||||||
|
@@ -191,6 +191,9 @@ static void gdCtxPrintf(gdIOCtx * out, const char *format, ...)
|
||||||
|
}
|
||||||
|
/* }}} */
|
||||||
|
|
||||||
|
+/* The compiler will optimize strlen(constant) to a constant number. */
|
||||||
|
+#define gdCtxPuts(out, s) out->putBuf(out, s, strlen(s))
|
||||||
|
+
|
||||||
|
/* {{{ gdImageXbmCtx */
|
||||||
|
BGD_DECLARE(void) gdImageXbmCtx(gdImagePtr image, char* file_name, int fg, gdIOCtx * out)
|
||||||
|
{
|
||||||
|
@@ -215,9 +218,26 @@ BGD_DECLARE(void) gdImageXbmCtx(gdImagePtr image, char* file_name, int fg, gdIOC
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- gdCtxPrintf(out, "#define %s_width %d\n", name, gdImageSX(image));
|
||||||
|
- gdCtxPrintf(out, "#define %s_height %d\n", name, gdImageSY(image));
|
||||||
|
- gdCtxPrintf(out, "static unsigned char %s_bits[] = {\n ", name);
|
||||||
|
+ /* Since "name" comes from the user, run it through a direct puts.
|
||||||
|
+ * Trying to printf it into a local buffer means we'd need a large
|
||||||
|
+ * or dynamic buffer to hold it all. */
|
||||||
|
+
|
||||||
|
+ /* #define <name>_width 1234 */
|
||||||
|
+ gdCtxPuts(out, "#define ");
|
||||||
|
+ gdCtxPuts(out, name);
|
||||||
|
+ gdCtxPuts(out, "_width ");
|
||||||
|
+ gdCtxPrintf(out, "%d\n", gdImageSX(image));
|
||||||
|
+
|
||||||
|
+ /* #define <name>_height 1234 */
|
||||||
|
+ gdCtxPuts(out, "#define ");
|
||||||
|
+ gdCtxPuts(out, name);
|
||||||
|
+ gdCtxPuts(out, "_height ");
|
||||||
|
+ gdCtxPrintf(out, "%d\n", gdImageSY(image));
|
||||||
|
+
|
||||||
|
+ /* static unsigned char <name>_bits[] = {\n */
|
||||||
|
+ gdCtxPuts(out, "static unsigned char ");
|
||||||
|
+ gdCtxPuts(out, name);
|
||||||
|
+ gdCtxPuts(out, "_bits[] = {\n ");
|
||||||
|
|
||||||
|
free(name);
|
||||||
|
|
||||||
|
@@ -234,9 +254,9 @@ BGD_DECLARE(void) gdImageXbmCtx(gdImagePtr image, char* file_name, int fg, gdIOC
|
||||||
|
if ((b == 128) || (x == sx && y == sy)) {
|
||||||
|
b = 1;
|
||||||
|
if (p) {
|
||||||
|
- gdCtxPrintf(out, ", ");
|
||||||
|
+ gdCtxPuts(out, ", ");
|
||||||
|
if (!(p%12)) {
|
||||||
|
- gdCtxPrintf(out, "\n ");
|
||||||
|
+ gdCtxPuts(out, "\n ");
|
||||||
|
p = 12;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -248,6 +268,6 @@ BGD_DECLARE(void) gdImageXbmCtx(gdImagePtr image, char* file_name, int fg, gdIOC
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- gdCtxPrintf(out, "};\n");
|
||||||
|
+ gdCtxPuts(out, "};\n");
|
||||||
|
}
|
||||||
|
/* }}} */
|
Loading…
Reference in New Issue