File php-CVE-2016-6207.patch of Package php5.openSUSE_Leap_42.3_Update

Overview Repositories Revisions Requests Users Attributes Meta

File php-CVE-2016-6207.patch of Package php5.openSUSE_Leap_42.3_Update

Index: php-7.0.7/ext/gd/libgd/gd.c
===================================================================
--- php-7.0.7.orig/ext/gd/libgd/gd.c	2016-05-25 15:13:44.000000000 +0200
+++ php-7.0.7/ext/gd/libgd/gd.c	2016-08-04 09:00:31.981679962 +0200
@@ -184,7 +184,7 @@ gdImagePtr gdImageCreateTrueColor (int s
 		return NULL;
 	}
 
-	if (overflow2(sizeof(int), sx)) {
+	if (overflow2(sizeof(int *), sx)) {
 		return NULL;
 	}
 
Index: php-7.0.7/ext/gd/libgd/gd_interpolation.c
===================================================================
--- php-7.0.7.orig/ext/gd/libgd/gd_interpolation.c	2016-05-25 15:13:44.000000000 +0200
+++ php-7.0.7/ext/gd/libgd/gd_interpolation.c	2016-08-04 09:13:55.762834973 +0200
@@ -880,6 +880,7 @@ static inline LineContribType * _gdContr
 {
 	unsigned int u = 0;
     LineContribType *res;
+    int overflow_error = 0;
 
 	res = (LineContribType *) gdMalloc(sizeof(LineContribType));
 	if (!res) {
@@ -887,10 +888,30 @@ static inline LineContribType * _gdContr
 	}
     res->WindowSize = windows_size;
     res->LineLength = line_length;
+    if (overflow2(line_length, sizeof(ContributionType))) {
+      return NULL;
+    }
     res->ContribRow = (ContributionType *) gdMalloc(line_length * sizeof(ContributionType));
-
+    if (res->ContribRow == NULL) {
+        gdFree(res);
+        return NULL;
+    }
     for (u = 0 ; u < line_length ; u++) {
-        res->ContribRow[u].Weights = (double *) gdMalloc(windows_size * sizeof(double));
+        if (overflow2(windows_size, sizeof(double))) {
+            overflow_error = 1;
+        } else {
+           res->ContribRow[u].Weights = (double *) gdMalloc(windows_size * sizeof(double));
+        }
+        if (overflow_error == 1 || res->ContribRow[u].Weights == NULL) {
+            unsigned int i;
+            u--;
+            for (i=0;i<=u;i++) {
+                gdFree(res->ContribRow[i].Weights);
+            }
+            gdFree(res->ContribRow);
+            gdFree(res);
+            return NULL;
+        }
     }
     return res;
 }

Places

File php-CVE-2016-6207.patch of Package php5.openSUSE_Leap_42.3_Update

Places