rpms/gd/devel gd-2.0.33-security.patch,NONE,1.1 gd.spec,1.26,1.27

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Jan 20 12:44:34 UTC 2006


Author: pknirsch

Update of /cvs/dist/rpms/gd/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv28578

Modified Files:
	gd.spec 
Added Files:
	gd-2.0.33-security.patch 
Log Message:
- Included a few more overflow checks.


gd-2.0.33-security.patch:
 gd.c    |    8 ++++++++
 gdxpm.c |    3 +++
 2 files changed, 11 insertions(+)

--- NEW FILE gd-2.0.33-security.patch ---
diff -u gd-2.0.28/gd.c gd-2.0.28/gd.c
--- gd-2.0.28/gd.c	2004-11-02 17:47:12.977824069 +0100
+++ gd-2.0.28/gd.c	2006-01-20 11:14:42.000000000 +0100
@@ -73,6 +73,11 @@
   gdImagePtr im;
   im = (gdImage *) gdMalloc (sizeof (gdImage));
   memset (im, 0, sizeof (gdImage));
+  if (overflow2(sizeof (unsigned char *), sy))
+  {
+    gdFree(im);
+    return NULL;
+  }
   /* Row-major ever since gd 1.3 */
   im->pixels = (unsigned char **) gdMalloc (sizeof (unsigned char *) * sy);
   im->polyInts = 0;
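Review bot: The new overflow2() guard runs only after `im` has been allocated and handed to `memset` with no NULL check, so a failed gdMalloc is dereferenced before the guard is reached, and the guard needs its own gdFree on the failure path. Moving the check ahead of the allocation removes the cleanup: `if (overflow2(sizeof (unsigned char *), sy)) return NULL;`, then `if (!im) return NULL;` directly after the gdMalloc. The guard covers only the row-pointer array sized by `sy`. The function starts and ends outside the hunk, so it is not visible here whether the result of the `im->pixels` allocation or any per-row allocation sized by the width is checked.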
@@ -2586,6 +2591,9 @@
 	{
 	  im->polyAllocated *= 2;
 	}
+      if (overflow2(sizeof (int), im->polyAllocated)) {
+        return;
+      }
       im->polyInts = (int *) gdRealloc (im->polyInts,
 					sizeof (int) * im->polyAllocated);
     }
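Review bot: The early `return` added here fires after `im->polyAllocated` has already been doubled, so the image is left recording a capacity larger than the buffer `im->polyInts` actually points to. A later call that finds the recorded capacity sufficient would presumably skip the reallocation and write past the real allocation. The doubling in `im->polyAllocated *= 2` can also overflow a signed int before overflow2() sees the value, and the gdRealloc result overwrites `im->polyInts` unchecked. Computing the new capacity in a local and committing both fields only after gdRealloc succeeds addresses all three. The loop header and the enclosing function are outside the hunk.

```c
      /* at the top of the enclosing block */
      int newAllocated = im->polyAllocated;
      int *newInts;

      /* … unchanged: loop header (outside the hunk), now testing newAllocated … */
	{
	  if (newAllocated > INT_MAX / 2)
	    {
	      return;		/* doubling would overflow; image state untouched */
	    }
	  newAllocated *= 2;
	}
      if (overflow2 (sizeof (int), newAllocated))
	{
	  return;
	}
      newInts = (int *) gdRealloc (im->polyInts, sizeof (int) * newAllocated);
      if (!newInts)
	{
	  return;		/* old buffer and old capacity remain valid */
	}
      im->polyInts = newInts;
      im->polyAllocated = newAllocated;
```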
only in patch2:
unchanged:
--- gd-2.0.28/gdxpm.c.security	2006-01-20 11:14:52.000000000 +0100
+++ gd-2.0.28/gdxpm.c	2006-01-20 11:15:26.000000000 +0100
@@ -48,6 +48,9 @@
     return 0;
 
   number = image.ncolors;
+  if (overflow2(sizeof (int), number)) {
+    return 0;
+  }
   colors = (int *) gdMalloc (sizeof (int) * number);
   if (colors == NULL)
     return (0);
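Review bot: The added `return 0;` exits without releasing what the function already holds at this point: the parsed `image`, and any gd image created before the hunk (not visible here). The existing `colors == NULL` path just below has the same shape, so a crafted XPM that trips either check appears to leak on every attempt. Both failure paths should free before returning, e.g. `XpmFreeXpmImage (&image);` plus destroying the gd image if one exists. It is also worth confirming the declared type of `number`: if `image.ncolors` is unsigned and `number` is a signed int, the value reaching overflow2() has already been converted. The function starts and ends outside the hunk.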


Index: gd.spec
===================================================================
RCS file: /cvs/dist/rpms/gd/devel/gd.spec,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- gd.spec	9 Dec 2005 22:40:31 -0000	1.26
+++ gd.spec	20 Jan 2006 12:44:28 -0000	1.27
@@ -1,13 +1,14 @@
 Summary:       A graphics library for quick creation of PNG or JPEG images
 Name:          gd
 Version:       2.0.33
-Release: 5.1
+Release:       6
 Group:         System Environment/Libraries
 License:       BSD-style
 URL:           http://www.boutell.com/gd/
 Source0:       http://www.boutell.com/gd/http/%{name}-%{version}.tar.gz
 Patch0:        gd-2.0.33-freetype.patch
 Patch1:        gd-2.0.33-SetAAPixel.patch
+Patch2:        gd-2.0.33-security.patch
 BuildRoot:     %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: freetype-devel, fontconfig-devel, libX11-devel, libXpm-devel
 BuildRequires: libjpeg-devel, libpng-devel, zlib-devel
@@ -48,6 +49,7 @@
 %setup -q
 %patch0 -p1 -b .freetype
 %patch1 -p1 -b .SetAAPixel
+%patch2 -p1 -b .security
 
 %build
 %configure --disable-rpath
@@ -86,6 +88,9 @@
 
 
 %changelog
+* Fri Jan 20 2006 Phil Knirsch <pknirsch at redhat.com> 2.0.33-6
+- Included a few more overflow checks.
+
 * Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>
 - rebuilt
 



