1 From a93eac0e843148dc2d631c3ba80af17e9c8c860f Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?F=C3=A1bio=20Cabral=20Pacheco?= <fcabralpacheco@gmail.com>
3 Date: Fri, 20 Dec 2019 12:03:33 -0300
4 Subject: [PATCH] Fix potential NULL pointer dereference in gdImageClone()
8 tests/gdimageclone/style.c | 30 ++++++++++++++++++++++++++++++
9 5 files changed, 35 insertions(+), 9 deletions(-)
10 create mode 100644 tests/gdimageclone/style.c
12 diff --git a/src/gd.c b/src/gd.c
13 index 592a0286..d564d1f9 100644
16 @@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
20 - if (src->styleLength > 0) {
21 - dst->styleLength = src->styleLength;
22 - dst->stylePos = src->stylePos;
23 - for (i = 0; i < src->styleLength; i++) {
24 - dst->style[i] = src->style[i];
28 dst->interlace = src->interlace;
30 dst->alphaBlendingFlag = src->alphaBlendingFlag;
31 @@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
34 gdImageSetStyle(dst, src->style, src->styleLength);
35 + dst->stylePos = src->stylePos;
38 for (i = 0; i < gdMaxColors; i++) {
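Review bot: `dst->stylePos` is copied unconditionally after `gdImageSetStyle(dst, src->style, src->styleLength)`, and nothing visible here checks that call's outcome. If it can return early without installing a buffer (its body is outside this hunk, so this is inferred), the clone would carry the source's `stylePos` with no style array behind it, and the caller of `gdImageClone()` would get no signal. Guarding the assignment, `if (dst->style != NULL) dst->stylePos = src->stylePos;`, with a comment such as `/* gdImageSetStyle() sets up dst->style; restore the source position afterwards */`, would make the ordering dependence explicit. Whether the call is already wrapped in a `src->style` check is not visible, and gdImageClone's body starts and ends outside the hunk.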
39 diff --git a/tests/gdimageclone/style.c b/tests/gdimageclone/style.c
41 index 00000000..c2b246ed
43 +++ b/tests/gdimageclone/style.c
46 + * Cloning an image should exactly reproduce all style related data
57 + gdImagePtr im, clone;
58 + int style[] = {0, 0, 0};
60 + im = gdImageCreate(8, 8);
61 + gdImageSetStyle(im, style, sizeof(style)/sizeof(style[0]));
63 + clone = gdImageClone(im);
64 + gdTestAssert(clone != NULL);
66 + gdTestAssert(clone->styleLength == im->styleLength);
67 + gdTestAssert(clone->stylePos == im->stylePos);
68 + gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)/sizeof(style[0])));
70 + gdImageDestroy(clone);
73 + return gdNumFailures();
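Review bot: The `memcmp` in the last content assertion compares only three bytes, because `sizeof(style)/sizeof(style[0])` is the element count, not the byte size of the `int` array. The length should be `sizeof(style)`, as in `gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)));`. With `style` set to `{0, 0, 0}` and no visible line advancing `stylePos` on `im`, the content and position assertions would presumably also pass against a zero-filled buffer and a default position. Distinct non-zero values (for example `{1, 2, 3}`, a constructed sample) would let the regression test tell a real copy from an empty one. The result of `gdImageCreate(8, 8)` is also passed to `gdImageSetStyle` on the next line without a NULL check.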