Overview

File php-5.1.2-CVE-2007-3475.patch of Package php

--- ext/gd/libgd/gd_gif_in.c
+++ ext/gd/libgd/gd_gif_in.c
@@ -125,6 +125,7 @@
 
        gdImagePtr im = 0;
        ZeroDataBlock = FALSE;
+       int haveGlobalColormap;
 
        /*1.4//imageNumber = 1; */
        if (! ReadOK(fd,buf,6)) {
@@ -150,11 +151,12 @@
 		imw = LM_to_uint(buf[0],buf[1]);
 		imh = LM_to_uint(buf[2],buf[3]);
 
-       if (BitSet(buf[4], LOCALCOLORMAP)) {    /* Global Colormap */
-               if (ReadColorMap(fd, BitPixel, ColorMap)) {
-			return 0;
-		}
-       }
+			haveGlobalColormap = BitSet(buf[4], LOCALCOLORMAP);    /* Global Colormap */
+			if (haveGlobalColormap) {
+				if (ReadColorMap(fd, BitPixel, ColorMap)) {
+					return 0;
+				}
+			}
        for (;;) {
                if (! ReadOK(fd,&c,1)) {
                        return 0;
@@ -192,12 +194,17 @@
                im->interlace = BitSet(buf[8], INTERLACE);
                if (! useGlobalColormap) {
 		       if (ReadColorMap(fd, bitPixel, localColorMap)) {
+				 gdImageDestroy(im);
                                  return 0;
                        }
                        ReadImage(im, fd, imw, imh, localColorMap,
                                  BitSet(buf[8], INTERLACE));
                                  /*1.4//imageCount != imageNumber); */
                } else {
+		      if (!haveGlobalColormap) {
+				 gdImageDestroy(im);
+				 return 0;
+		      }
                        ReadImage(im, fd, imw, imh,
                                  ColorMap,
                                  BitSet(buf[8], INTERLACE));
openSUSE Build Service is sponsored by
Places