packages/gd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
gd/backport-CVE-2021-40812.patch
shirely16 d1007092b2 update to gd-2.3.2
2021-11-20 16:43:43 +08:00

83 lines
2.2 KiB
Diff
Raw Blame History

From e5c84f0b7a2e2cef8d8630bd8c26a2f859e959ff Mon Sep 17 00:00:00 2001
From: Pierre Joye <pierre.php@gmail.com>
Date: Tue, 7 Sep 2021 22:03:21 +0700
Subject: [PATCH 1/2] Partial fix for #750
Conflict:NA
Reference:https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9
---
src/gd_bmp.c | 15 +++++++++++----
src/gd_webp.c | 7 ++++++-
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/gd_bmp.c b/src/gd_bmp.c
index e186ac9..ab56a3e 100644
--- a/src/gd_bmp.c
+++ b/src/gd_bmp.c
@@ -30,6 +30,7 @@
#include <stdlib.h>
#include "gd.h"
#include "gdhelpers.h"
+#include "gd_errors.h"
#include "bmp.h"
static int compress_row(unsigned char *uncompressed_row, int length);
@@ -265,8 +266,11 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
}
bitmap_size += compressed_size;
-
- gdPutBuf(uncompressed_row, compressed_size, out);
+ if (gdPutBuf(uncompressed_row, compressed_size, out) != compressed_size){
+ gd_error("gd-bmp write error\n");
+ error = 1;
+ break;
+ }
gdPutC(BMP_RLE_COMMAND, out);
gdPutC(BMP_RLE_ENDOFLINE, out);
bitmap_size += 2;
@@ -325,7 +329,10 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
if (buffer_size == 0) {
break;
}
- gdPutBuf(copy_buffer , buffer_size, out_original);
+ if (gdPutBuf(copy_buffer , buffer_size, out_original) != buffer_size) {
+ gd_error("gd-bmp write error\n");
+ error = 1;
+ }
}
gdFree(copy_buffer);
@@ -335,7 +342,7 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
out_original = NULL;
}
- ret = 0;
+ ret = error;
cleanup:
if (tmpfile_for_compression) {
#ifdef _WIN32
diff --git a/src/gd_webp.c b/src/gd_webp.c
index a0b4787..af0bf2c 100644
--- a/src/gd_webp.c
+++ b/src/gd_webp.c
@@ -223,8 +223,13 @@ static int _gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
ret = 1;
goto freeargb;
}
- gdPutBuf(out, out_size, outfile);
+
+ int res = gdPutBuf(out, out_size, outfile);
free(out);
+ if (res != out_size) {
+ gd_error("gd-webp write error\n");
+ ret = 1;
+ }
freeargb:
gdFree(argb);
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink