1 --- php-5.1.6/ext/gd/libgd/wbmp.c.cve1001
2 +++ php-5.1.6/ext/gd/libgd/wbmp.c
7 +#define SAFE_MULTIPLE(x,y) (x == 0 || y == 0 || (x > 0 && y > 0 && (x < INT_MAX / y)))
11 ** create an empty wbmp
13 if ((wbmp = (Wbmp *) gdMalloc (sizeof (Wbmp))) == NULL)
16 + if (!SAFE_MULTIPLE(width, height)) {
17 + php_gd_error("createwbmp: Integer overflow from WBMP image height/width (%d x %d)\n", width, height);
22 if ((wbmp->bitmap = (int *) safe_emalloc(sizeof(int), width * height, 0)) == NULL)
26 printf ("W: %d, H: %d\n", wbmp->width, wbmp->height);
29 + if (!SAFE_MULTIPLE(wbmp->width, wbmp->height)) {
30 + php_gd_error("readwbmp: Integer overflow from WBMP image height/width (%d x %d)\n",
31 + wbmp->width, wbmp->height);
36 if ((wbmp->bitmap = (int *) safe_emalloc(wbmp->width * wbmp->height, sizeof(int), 0)) == NULL)
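Review bot: SAFE_MULTIPLE is defined without parentheses around `x` and `y` and evaluates each argument several times, so it is only correct for plain lvalues such as the two call sites shown; `#define SAFE_MULTIPLE(x,y) ((x) == 0 || (y) == 0 || ((x) > 0 && (y) > 0 && ((x) < INT_MAX / (y))))` or a small static function would remove that trap. The guard also bounds only the element count to INT_MAX, while the byte size is that count times `sizeof(int)`, so both allocations still depend on safe_emalloc's own overflow check for the second multiplication; a one-line comment above the macro stating that dependency would keep a later switch to a plain allocator from reopening the overflow. In readwbmp the dimensions come from the image header, so this is the check that faces untrusted input. The page shows only part of each hunk, so it cannot be confirmed from here whether the createwbmp error branch frees the `wbmp` allocated just before it, or whether `<limits.h>` is included for INT_MAX.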