dc2735f5a8
Whenever `gdImage*Ptr()` calls `gdImage*Ctx()` and the latter fails, we must not call `gdDPExtractData()`; otherwise a double-free would happen. Since `gdImage*Ctx()` are void functions, and we can't change that for BC reasons, we're introducing static helpers which are used internally. We're adding a regression test for `gdImageJpegPtr()`, but not for `gdImageGifPtr()` and `gdImageWbmpPtr()` since we don't know how to trigger failure of the respective `gdImage*Ctx()` calls. This potential security issue has been reported by Solmaz Salimi (aka. Rooney). |
||
---|---|---|
.gitignore | ||
gd-2.1.0-multilib.patch | ||
gd-2.2.5-gdImageBmpPtr-double-free.patch | ||
gd-2.2.5-heap-based-buffer-overflow.patch | ||
gd-2.2.5-potential-double-free.patch | ||
gd-2.2.5-upstream.patch | ||
gd.spec | ||
sources |