File php-CVE-2014-2497.patch of Package php5.openSUSE_Leap_42.3_Update

Description: Patch to fix PHP bug 66901.
Author: Andres Mejia <mejiaa@amazon.com>
Forwarded: no

Index: ext/gd/libgd/gdxpm.c
===================================================================
--- ext/gd/libgd/gdxpm.c.orig	2014-02-05 11:00:36.000000000 +0100
+++ ext/gd/libgd/gdxpm.c	2014-04-04 14:06:15.991206709 +0200
@@ -39,6 +39,14 @@
 	number = image.ncolors;
 	colors = (int *) safe_emalloc(number, sizeof(int), 0);
 	for (i = 0; i < number; i++) {
+		if (!image.colorTable[i].c_color)
+		{
+			/* unsupported color key or color key not defined */
+			gdImageDestroy(im);
+			gdFree(colors);
+			im = 0;
+			goto done;
+		}
 		switch (strlen (image.colorTable[i].c_color)) {
 			case 4:
 				buf[1] = '\0';
openSUSE Build Service is sponsored by