From 4d29684fd4ddbd6bb4dbde805f0fdaa84b0f66f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Fri, 20 May 2016 09:39:38 +0200
Subject: [PATCH] CVE-2015-8874

---
 src/gd.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/gd.c b/src/gd.c
index 300dfce..0603247 100644
--- a/src/gd.c
+++ b/src/gd.c
@@ -1938,6 +1938,17 @@ BGD_DECLARE(void) gdImageFillToBorder (gdImagePtr im, int x, int y, int border,
 	restoreAlphaBleding = im->alphaBlendingFlag;
 	im->alphaBlendingFlag = 0;
 
+	if (x >= im->sx) {
+		x = im->sx - 1;
+	} else if (x < 0) {
+		x = 0;
+	}
+	if (y >= im->sy) {
+		y = im->sy - 1;
+	} else if (y < 0) {
+		y = 0;
+	}
+	
 	for (i = x; (i >= 0); i--) {
 		if (gdImageGetPixel (im, i, y) == border) {
 			break;