File gd-CVE-2021-40812.patch of Package gd.21221
Index: libgd-2.2.5/src/gd_bmp.c
===================================================================
--- libgd-2.2.5.orig/src/gd_bmp.c 2021-09-14 12:00:52.913470730 +0200
+++ libgd-2.2.5/src/gd_bmp.c 2021-09-14 12:01:43.313776529 +0200
@@ -30,6 +30,7 @@
#include <stdlib.h>
#include "gd.h"
#include "gdhelpers.h"
+#include "gd_errors.h"
#include "bmp.h"
static int compress_row(unsigned char *uncompressed_row, int length);
@@ -266,7 +267,11 @@ static int _gdImageBmpCtx(gdImagePtr im,
bitmap_size += compressed_size;
- gdPutBuf(uncompressed_row, compressed_size, out);
+ if (gdPutBuf(uncompressed_row, compressed_size, out) != compressed_size){
+ gd_error("gd-bmp write error\n");
+ error = 1;
+ break;
+ }
Putchar(BMP_RLE_COMMAND, out);
Putchar(BMP_RLE_ENDOFLINE, out);
bitmap_size += 2;
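Review bot: The two `Putchar` calls that follow the newly checked `gdPutBuf` still write to the same `out` without any failure detection, so a sink that fails on the end-of-line marker leaves a truncated RLE stream that is reported as success. If `Putchar` has no return value to test (its definition is not in this hunk), the marker could go through the checked path as well, e.g. `unsigned char eol[2] = { BMP_RLE_COMMAND, BMP_RLE_ENDOFLINE };` followed by `if (gdPutBuf(eol, 2, out) != 2) { error = 1; break; }`. The `break` only leaves the enclosing loop, which starts outside this hunk. It is worth confirming that the code after that loop tests `error` before it continues to finalise the file.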
@@ -325,7 +330,10 @@ static int _gdImageBmpCtx(gdImagePtr im,
if (buffer_size == 0) {
break;
}
- gdPutBuf(copy_buffer , buffer_size, out_original);
+ if (gdPutBuf(copy_buffer , buffer_size, out_original) != buffer_size) {
+ gd_error("gd-bmp write error\n");
+ error = 1;
+ }
}
gdFree(copy_buffer);
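Review bot: The failure branch sets `error = 1` but does not leave the copy loop, unlike the checked write in the compression path, which does `break`. After a short write the code therefore appears to keep copying later chunks into `out_original`, which produces output with a hole in it and logs one `gd-bmp write error` per remaining chunk. Adding `break;` after `error = 1;` stops at the first failure. The loop header is outside this hunk, so the exact loop condition should be checked when applying this.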
@@ -335,7 +343,7 @@ static int _gdImageBmpCtx(gdImagePtr im,
out_original = NULL;
}
- ret = 0;
+ ret = error;
cleanup:
if (tmpfile_for_compression) {
#ifdef _WIN32
Index: libgd-2.2.5/src/gd_webp.c
===================================================================
--- libgd-2.2.5.orig/src/gd_webp.c 2017-08-30 13:05:54.000000000 +0200
+++ libgd-2.2.5/src/gd_webp.c 2021-09-14 12:00:52.949470947 +0200
@@ -222,8 +222,13 @@ static int _gdImageWebpCtx (gdImagePtr i
ret = 1;
goto freeargb;
}
- gdPutBuf(out, out_size, outfile);
+
+ int res = gdPutBuf(out, out_size, outfile);
free(out);
+ if (res != out_size) {
+ gd_error("gd-webp write error\n");
+ ret = 1;
+ }
freeargb:
gdFree(argb);
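Review bot: `int res` is compared directly with `out_size`, whose declaration is outside this hunk. If `out_size` is a `size_t`, as encoder output sizes commonly are, this is a signed/unsigned comparison and the size has already been narrowed to `int` at the `gdPutBuf` call. Making the intent explicit with `if (res < 0 || (size_t)res != out_size) {` keeps a negative return from being judged only through implicit conversion. `res` is also declared mid-block, after the earlier `goto freeargb` that jumps past it. Declaring it with the function's other locals would fit a C89-style file and keep the jump from crossing a declaration.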