aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/gd-CVE-2016-8670.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/gd-CVE-2016-8670.patch')
-rw-r--r--gnu/packages/patches/gd-CVE-2016-8670.patch38
1 files changed, 0 insertions, 38 deletions
diff --git a/gnu/packages/patches/gd-CVE-2016-8670.patch b/gnu/packages/patches/gd-CVE-2016-8670.patch
deleted file mode 100644
index 39ee99ac31..0000000000
--- a/gnu/packages/patches/gd-CVE-2016-8670.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Fix CVE-2016-8670 (buffer overflow in dynamicGetbuf()):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670
-http://seclists.org/oss-sec/2016/q4/138
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
-
-From 53110871935244816bbb9d131da0bccff734bfe9 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 12 Oct 2016 11:15:32 +0200
-Subject: [PATCH] Avoid potentially dangerous signed to unsigned conversion
-
-We make sure to never pass a negative `rlen` as size to memcpy(). See
-also <https://bugs.php.net/bug.php?id=73280>.
-
-Patch provided by Emmanuel Law.
----
- src/gd_io_dp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
-index 135eda3..228bfa5 100644
---- a/src/gd_io_dp.c
-+++ b/src/gd_io_dp.c
-@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
- if(remain >= len) {
- rlen = len;
- } else {
-- if(remain == 0) {
-+ if(remain <= 0) {
- /* 2.0.34: EOF is incorrect. We use 0 for
- * errors and EOF, just like fileGetbuf,
- * which is a simple fread() wrapper.
---
-2.10.1
-