Fix for CVE-2014-2497
Patch:
Code:
Verified by hand that it patches the correct code.
diff --git a/ext/gd/libgd/gdxpm.c b/ext/gd/libgd/gdxpm.c
index 73f86e5..b69414e 100644
@@ -31,12 +31,17 @@ gdImagePtr gdImageCreateFromXpm (char *filename)
if (ret != XpmSuccess) {
return 0;
}
+ number = image.ncolors;
+ for(i = 0; i < number; i++) {
+ if (!image.colorTable[i].c_color) {
+ goto done;
+ }
+ }
if (!(im = gdImageCreate(image.width, image.height))) {
goto done;
}
- number = image.ncolors;
colors = (int *) safe_emalloc(number, sizeof(int), 0);
for (i = 0; i < number; i++) {
switch (strlen (image.colorTable[i].c_color)) {
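Review bot: The `goto done` inside the added NULL check runs before `gdImageCreate()` has assigned `im`, so what the function returns on that path depends on `im` being initialised to 0 at its declaration, which lies outside this hunk and should be confirmed. The guard is what keeps `strlen (image.colorTable[i].c_color)` in the later loop from dereferencing a NULL pointer, but nothing in the code says so; a comment above the new loop such as `/* c_color can be NULL (presumably an entry without a colour key); reject before strlen() below */` would stop a later cleanup from removing it. The rejection is also silent, so a warning on that path, in whatever form this file already uses, would help whoever is triaging malformed XPM input. The function starts and ends outside the hunk, so the cleanup performed at `done:` cannot be checked from here.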