blob: 2dc1547278be71e70d4fdc3521a0b5dcdc06dd13 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej@sury.org>
Date: Fri, 20 May 2016 09:39:38 +0200
Subject: CVE-2015-8874
---
src/gd.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- libgd2.orig/src/gd.c
+++ libgd2/src/gd.c
@@ -1840,6 +1840,17 @@ BGD_DECLARE(void) gdImageFillToBorder (g
restoreAlphaBleding = im->alphaBlendingFlag;
im->alphaBlendingFlag = 0;
+ if (x >= im->sx) {
+ x = im->sx - 1;
+ } else if (x < 0) {
+ x = 0;
+ }
+ if (y >= im->sy) {
+ y = im->sy - 1;
+ } else if (y < 0) {
+ y = 0;
+ }
+
for (i = x; (i >= 0); i--) {
if (gdImageGetPixel (im, i, y) == border) {
break;
|