File gd-CVE-2016-6912.patch of Package gd.11952

Index: libgd-2.1.0/src/gd_webp.c
===================================================================
--- libgd-2.1.0.orig/src/gd_webp.c	2017-02-01 14:55:09.165454830 +0100
+++ libgd-2.1.0/src/gd_webp.c	2017-02-01 15:20:29.834494070 +0100
@@ -28,6 +28,7 @@ const char * gdWebpGetVersionString()
 {
 	return "not defined";
 }
+static int _gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quantization);
 
 BGD_DECLARE(gdImagePtr) gdImageCreateFromWebp (FILE * inFile)
 {
@@ -110,14 +111,14 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFro
 BGD_DECLARE(void) gdImageWebpEx (gdImagePtr im, FILE * outFile, int quantization)
 {
 	gdIOCtx *out = gdNewFileCtx(outFile);
-	gdImageWebpCtx(im, out, quantization);
+	_gdImageWebpCtx(im, out, quantization);
 	out->gd_free(out);
 }
 
 BGD_DECLARE(void) gdImageWebp (gdImagePtr im, FILE * outFile)
 {
 	gdIOCtx *out = gdNewFileCtx(outFile);
-  	gdImageWebpCtx(im, out, -1);
+  	_gdImageWebpCtx(im, out, -1);
 	out->gd_free(out);
 }
 
@@ -125,8 +126,11 @@ BGD_DECLARE(void *) gdImageWebpPtr (gdIm
 {
 	void *rv;
 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
-	gdImageWebpCtx(im, out, -1);
-	rv = gdDPExtractData(out, size);
+	if (_gdImageWebpCtx(im, out, -1)) {
+		rv = NULL;
+	} else {
+		rv = gdDPExtractData(out, size);
+	}
 	out->gd_free(out);
 
 	return rv;
@@ -136,8 +140,11 @@ BGD_DECLARE(void *) gdImageWebpPtrEx (gd
 {
 	void *rv;
 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
-	gdImageWebpCtx(im, out, quantization);
-	rv = gdDPExtractData(out, size);
+	if (_gdImageWebpCtx(im, out, quantization)) {
+		rv = NULL;
+	} else {
+		rv = gdDPExtractData(out, size);
+	}
 	out->gd_free(out);
 	return rv;
 }
@@ -178,7 +185,7 @@ int overflow3(int a, int b, int c)
  *  and in part on demo code from Chapter 15 of "PNG: The Definitive Guide"
  *  (http://www.cdrom.com/pub/png/pngbook.html).
  */
-BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quantization)
+static int _gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quantization)
 {
 	int width = im->sx;
 	int height = im->sy;
@@ -196,20 +203,20 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImag
 	yuv_nbytes = width * height + 2 * yuv_width * yuv_height;
 
         if (overflow2(width, height)) {
-          return;
+          return 1;
         }
 
         if (overflow3(2, yuv_width, yuv_height)) {
-          return;
+          return 1;
         }
 
         if (overflow_add(width * height, 2 * yuv_width * yuv_height)) {
-          return;
+          return 1;
         }
 
 	if ((Y = (unsigned char *)gdCalloc(yuv_nbytes, sizeof(unsigned char))) == NULL) {
 		gd_error("gd-webp error: cannot allocate Y buffer");
-		return;
+		return 1;
 	}
 	vp8_quality = mapQualityToVP8QP(quantization);
 
@@ -227,11 +234,17 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImag
 			free(filedata);
 		}
 		gd_error("gd-webp error: WebP Encoder failed");
-		return;
+		return 1;
 	}
 
 	gdPutBuf (filedata, yuv_nbytes, outfile);
 	free(filedata);
+	return 0;
+}
+
+BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
+{
+	_gdImageWebpCtx(im, outfile, quality);
 }
 
 #endif /* HAVE_LIBVPX */