File php-CVE-2016-6911.patch of Package php5.openSUSE_Leap_42.1_Update
Index: php-7.0.7/ext/gd/libgd/gd_io_dp.c
===================================================================
--- php-7.0.7.orig/ext/gd/libgd/gd_io_dp.c 2016-10-20 12:04:44.348436415 +0200
+++ php-7.0.7/ext/gd/libgd/gd_io_dp.c 2016-10-20 12:06:10.917737410 +0200
@@ -233,6 +233,10 @@ static int dynamicGetbuf (gdIOCtxPtr ctx
dctx = (dpIOCtxPtr) ctx;
dp = dctx->dp;
+ if (dp->pos < 0 || dp->pos >= dp->realSize) {
+ return 0;
+ }
+
remain = dp->logicalSize - dp->pos;
if (remain >= len) {
rlen = len;
@@ -243,6 +247,10 @@ static int dynamicGetbuf (gdIOCtxPtr ctx
rlen = remain;
}
+ if (dp->pos + rlen > dp->realSize) {
+ rlen = dp->realSize - dp->pos;
+ }
+
memcpy(buf, (void *) ((char *) dp->data + dp->pos), rlen);
dp->pos += rlen;