Overview

File gd-CVE-2016-9933.patch of Package gd.8568

--- a/src/gd.c
+++ b/src/gd.c
@@ -1928,11 +1928,17 @@ BGD_DECLARE(void) gdImageFillToBorder (gdImagePtr im, int x, int y, int border,
 	int i;
 	int restoreAlphaBleding;
 
-	if (border < 0) {
+	if (border < 0 || color < 0) {
 		/* Refuse to fill to a non-solid border */
 		return;
 	}
 
+	if (!im->trueColor) {
+		if ((color > (im->colorsTotal - 1)) || (border > (im->colorsTotal - 1))) {
+			return;
+		}
+    }
+
 	leftLimit = (-1);
 
 	restoreAlphaBleding = im->alphaBlendingFlag;
openSUSE Build Service is sponsored by
Places