File php-CVE-2016-7568.patch of Package php7

Index: php-7.0.7/ext/gd/libgd/gd_webp.c
===================================================================
--- php-7.0.7.orig/ext/gd/libgd/gd_webp.c	2016-05-25 15:13:44.000000000 +0200
+++ php-7.0.7/ext/gd/libgd/gd_webp.c	2016-10-14 09:00:25.738925177 +0200
@@ -120,6 +120,14 @@ void gdImageWebpCtx (gdImagePtr im, gdIO
 		quantization = 80;
 	}
 
+	if (overflow2(gdImageSX(im), 4)) {
+		return;
+	}
+
+	if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
+		return;
+	}
+
 	argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
 	if (!argb) {
 		return;
openSUSE Build Service is sponsored by