File php-CVE-2016-6911.patch of Package php7

Index: php-7.0.7/ext/gd/libgd/gd_io_dp.c
===================================================================
--- php-7.0.7.orig/ext/gd/libgd/gd_io_dp.c	2016-10-20 12:04:44.348436415 +0200
+++ php-7.0.7/ext/gd/libgd/gd_io_dp.c	2016-10-20 12:06:10.917737410 +0200
@@ -233,6 +233,10 @@ static int dynamicGetbuf (gdIOCtxPtr ctx
 	dctx = (dpIOCtxPtr) ctx;
 	dp = dctx->dp;
 
+	if (dp->pos < 0 || dp->pos >= dp->realSize) {
+		return 0;
+	}
+
 	remain = dp->logicalSize - dp->pos;
 	if (remain >= len) {
 		rlen = len;
@@ -243,6 +247,10 @@ static int dynamicGetbuf (gdIOCtxPtr ctx
 		rlen = remain;
 	}
 
+	if (dp->pos + rlen > dp->realSize) {
+		rlen = dp->realSize - dp->pos;
+	}
+
 	memcpy(buf, (void *) ((char *) dp->data + dp->pos), rlen);
 	dp->pos += rlen;
openSUSE Build Service is sponsored by