blob: de9f9bd80de69c6038e309ee316cee4241105c66 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
$NetBSD: patch-src_gd__webp.c,v 1.1 2016/10/05 03:10:31 taca Exp $
Fix for CVE-2016-7568.
--- src/gd_webp.c.orig 2016-07-21 08:06:42.000000000 +0000
+++ src/gd_webp.c
@@ -126,6 +126,14 @@ void gdImageWebpCtx (gdImagePtr im, gdIO
quantization = 80;
}
+ if (overflow2(gdImageSX(im), 4)) {
+ return;
+ }
+
+ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
+ return;
+ }
+
argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
if (!argb) {
return;
|