1 diff -u gd-2.0.28/gd.c gd-2.0.28/gd.c
2 --- gd-2.0.28/gd.c 2004-11-02 17:47:12.977824069 +0100
3 +++ gd-2.0.28/gd.c 2006-01-20 11:14:42.000000000 +0100
6 im = (gdImage *) gdMalloc (sizeof (gdImage));
7 memset (im, 0, sizeof (gdImage));
8 + if (overflow2(sizeof (unsigned char *), sy))
13 /* Row-major ever since gd 1.3 */
14 im->pixels = (unsigned char **) gdMalloc (sizeof (unsigned char *) * sy);
18 im->polyAllocated *= 2;
20 + if (overflow2(sizeof (int), im->polyAllocated)) {
23 im->polyInts = (int *) gdRealloc (im->polyInts,
24 sizeof (int) * im->polyAllocated);
28 --- gd-2.0.28/gdxpm.c.security 2006-01-20 11:14:52.000000000 +0100
29 +++ gd-2.0.28/gdxpm.c 2006-01-20 11:15:26.000000000 +0100
33 number = image.ncolors;
34 + if (overflow2(sizeof (int), number)) {
37 colors = (int *) gdMalloc (sizeof (int) * number);