File gd-CVE-2018-1000222.patch of Package gd.10570

Index: libgd-2.1.0/src/gd_bmp.c
===================================================================
--- libgd-2.1.0.orig/src/gd_bmp.c	2013-06-25 11:58:23.000000000 +0200
+++ libgd-2.1.0/src/gd_bmp.c	2018-08-27 16:04:30.690935283 +0200
@@ -40,6 +40,8 @@ static int bmp_read_4bit(gdImagePtr im,
 static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header);
 static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
 
+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression);
+
 #define BMP_DEBUG(s)
 
 static int gdBMPPutWord(gdIOCtx *out, int w)
@@ -65,8 +67,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImag
 	void *rv;
 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
 	if (out == NULL) return NULL;
-	gdImageBmpCtx(im, out, compression);
-	rv = gdDPExtractData(out, size);
+	if (!_gdImageBmpCtx(im, out, compression))
+		rv = gdDPExtractData(out, size);
+	else
+		rv = NULL;
 	out->gd_free(out);
 	return rv;
 }
@@ -81,12 +85,18 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr
 
 BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
 {
+	_gdImageBmpCtx(im, out, compression);
+}
+
+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+{
 	int bitmap_size = 0, info_size, total_size, padding;
 	int i, row, xpos, pixel;
 	int error = 0;
 	unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL;
 	FILE *tmpfile_for_compression = NULL;
 	gdIOCtxPtr out_original = NULL;
+	int ret = 1;
 
 	/* No compression if its true colour or we don't support seek */
 	if (im->trueColor) {
@@ -264,6 +274,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImageP
 		out_original = NULL;
 	}
 
+	ret = 0;
 cleanup:
 	if (tmpfile_for_compression) {
 #ifdef _WIN32
@@ -277,7 +288,7 @@ cleanup:
 	if (out_original) {
 		out_original->gd_free(out_original);
 	}
-	return;
+	return ret;
 }
 
 static int compress_row(unsigned char *row, int length)