gd/CVE-2019-6977.patch

--- a/src/gd_color_match.c	2017-08-30 07:05:54.000000000 -0400
+++ b/src/gd_color_match.c	2019-06-05 07:53:47.058000000 -0400
@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdIm
 		return -4; /* At least 1 color must be allocated */
 	}
 
-	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal);
-	memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
+	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors);
+	memset( buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );
 
 	for (x=0; x < im1->sx; x++) {
 		for( y=0; y<im1->sy; y++ ) {
Package init 2019-09-30 10:39:22 -04:00			`--- a/src/gd_color_match.c 2017-08-30 07:05:54.000000000 -0400`
			`+++ b/src/gd_color_match.c 2019-06-05 07:53:47.058000000 -0400`
			`@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdIm`
			`return -4; /* At least 1 color must be allocated */`
			`}`

			`- buf = (unsigned long )gdMalloc(sizeof(unsigned long) 5 * im2->colorsTotal);`
			`- memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );`
			`+ buf = (unsigned long )gdMalloc(sizeof(unsigned long) 5 * gdMaxColors);`
			`+ memset( buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );`

			`for (x=0; x < im1->sx; x++) {`
			`for( y=0; y<im1->sy; y++ ) {`