Skip to content

Commit a93eac0

Browse files
fcabralpachecocmb69
authored andcommitted
Fix potential NULL pointer dereference in gdImageClone()
1 parent 2e88604 commit a93eac0

File tree

5 files changed

+35
-9
lines changed

5 files changed

+35
-9
lines changed

Diff for: src/gd.c

+1-8
Original file line numberDiff line numberDiff line change
@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
28652865
}
28662866
}
28672867

2868-
if (src->styleLength > 0) {
2869-
dst->styleLength = src->styleLength;
2870-
dst->stylePos = src->stylePos;
2871-
for (i = 0; i < src->styleLength; i++) {
2872-
dst->style[i] = src->style[i];
2873-
}
2874-
}
2875-
28762868
dst->interlace = src->interlace;
28772869

28782870
dst->alphaBlendingFlag = src->alphaBlendingFlag;
@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
29072899

29082900
if (src->style) {
29092901
gdImageSetStyle(dst, src->style, src->styleLength);
2902+
dst->stylePos = src->stylePos;
29102903
}
29112904

29122905
for (i = 0; i < gdMaxColors; i++) {

Diff for: tests/gdimageclone/.gitignore

+1
Original file line numberDiff line numberDiff line change
@@ -1 +1,2 @@
11
/bug00300
2+
/style

Diff for: tests/gdimageclone/CMakeLists.txt

+1
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
LIST(APPEND TESTS_FILES
22
bug00300
3+
style
34
)
45

56
ADD_GD_TESTS()

Diff for: tests/gdimageclone/Makemodule.am

+2-1
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
libgd_test_programs += \
2-
gdimageclone/bug00300
2+
gdimageclone/bug00300 \
3+
gdimageclone/style
34

45
EXTRA_DIST += \
56
gdimageclone/CMakeLists.txt

Diff for: tests/gdimageclone/style.c

+30
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
/**
2+
* Cloning an image should exactly reproduce all style related data
3+
*/
4+
5+
6+
#include <string.h>
7+
#include "gd.h"
8+
#include "gdtest.h"
9+
10+
11+
int main()
12+
{
13+
gdImagePtr im, clone;
14+
int style[] = {0, 0, 0};
15+
16+
im = gdImageCreate(8, 8);
17+
gdImageSetStyle(im, style, sizeof(style)/sizeof(style[0]));
18+
19+
clone = gdImageClone(im);
20+
gdTestAssert(clone != NULL);
21+
22+
gdTestAssert(clone->styleLength == im->styleLength);
23+
gdTestAssert(clone->stylePos == im->stylePos);
24+
gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)/sizeof(style[0])));
25+
26+
gdImageDestroy(clone);
27+
gdImageDestroy(im);
28+
29+
return gdNumFailures();
30+
}

0 commit comments

Comments
 (0)