Fix integer overflow in gdImageWebpCtx and bump PORTREVISION.

PR: 213023 Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
svn path=/head/; revision=422858
2025-07-18 17:59:20 -04:00 · 2016-09-28 08:20:46 +00:00 · 2016-09-28 08:20:46 +00:00 · b1e3ed17fd · 2021-03-31 03:12:20 +00:00
commit b1e3ed17fd
parent a9f8bc813e
6 changed files with 44 additions and 7 deletions
--- a/graphics/php55-gd/Makefile
+++ b/graphics/php55-gd/Makefile
@ -1,7 +1,7 @@
 # Created by: Alex Dupre <ale@FreeBSD.org>
 # $FreeBSD$

-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	graphics

 MASTERDIR=	${.CURDIR}/../../lang/php55
--- a/graphics/php55-gd/files/patch-config.m4
+++ b/graphics/php55-gd/files/patch-config.m4
@ -1,6 +1,6 @@
--- config.m4.orig	2013-12-11 00:31:06.000000000 +0100
-+++ config.m4	2013-12-24 21:11:19.000000000 +0100
-@@ -233,7 +233,7 @@
+--- config.m4.orig	2016-07-20 10:41:48.000000000 +0200
+++ config.m4	2016-09-28 10:06:48.173731000 +0200
+@@ -228,7 +228,7 @@ AC_DEFUN([PHP_GD_T1LIB],[
     ],[
       AC_MSG_ERROR([Problem with libt1.(a|so). Please check config.log for more information.])
     ],[
--- a/graphics/php55-gd/files/patch-libgd_gd_webp.c
+++ b/graphics/php55-gd/files/patch-libgd_gd_webp.c
@ -0,0 +1,18 @@
+--- libgd/gd_webp.c.orig	2016-09-28 10:07:06.092196000 +0200
+++ libgd/gd_webp.c	2016-09-28 10:08:12.429030000 +0200
+@@ -180,6 +180,15 @@ void gdImageWebpCtx (gdImagePtr im, gdIO
+ 	/* Conversion to Y,U,V buffer */
+     yuv_width = (width + 1) >> 1;
+     yuv_height = (height + 1) >> 1;
+
+    if (overflow2(width, height)) {
+        return;
+    }
+    /* simplification possible, because WebP must not be larger than 16384**2 */
+    if (overflow2(width * height, 2 * sizeof(unsigned char))) {
+        return;
+    }
+
+     yuv_nbytes = width * height + 2 * yuv_width * yuv_height;
+ 
+     if ((Y = (unsigned char *)gdCalloc(yuv_nbytes, sizeof(unsigned char))) == NULL) {
--- a/graphics/php56-gd/Makefile
+++ b/graphics/php56-gd/Makefile
@ -1,6 +1,7 @@
 # Created by: Alex Dupre <ale@FreeBSD.org>
 # $FreeBSD$

+PORTREVISION=	1
 CATEGORIES=	graphics

 MASTERDIR=	${.CURDIR}/../../lang/php56
--- a/graphics/php56-gd/files/patch-config.m4
+++ b/graphics/php56-gd/files/patch-config.m4
@ -1,6 +1,6 @@
--- config.m4.orig	2013-12-11 00:31:06.000000000 +0100
-+++ config.m4	2013-12-24 21:11:19.000000000 +0100
-@@ -233,7 +233,7 @@
+--- config.m4.orig	2016-09-15 23:02:50.000000000 +0200
+++ config.m4	2016-09-28 10:10:26.335642000 +0200
+@@ -228,7 +228,7 @@ AC_DEFUN([PHP_GD_T1LIB],[
     ],[
       AC_MSG_ERROR([Problem with libt1.(a|so). Please check config.log for more information.])
     ],[
--- a/graphics/php56-gd/files/patch-libgd_gd_webp.c
+++ b/graphics/php56-gd/files/patch-libgd_gd_webp.c
@ -0,0 +1,18 @@
+--- libgd/gd_webp.c.orig	2016-09-28 10:07:06.092196000 +0200
+++ libgd/gd_webp.c	2016-09-28 10:08:12.429030000 +0200
+@@ -180,6 +180,15 @@ void gdImageWebpCtx (gdImagePtr im, gdIO
+ 	/* Conversion to Y,U,V buffer */
+     yuv_width = (width + 1) >> 1;
+     yuv_height = (height + 1) >> 1;
+
+    if (overflow2(width, height)) {
+        return;
+    }
+    /* simplification possible, because WebP must not be larger than 16384**2 */
+    if (overflow2(width * height, 2 * sizeof(unsigned char))) {
+        return;
+    }
+
+     yuv_nbytes = width * height + 2 * yuv_width * yuv_height;
+ 
+     if ((Y = (unsigned char *)gdCalloc(yuv_nbytes, sizeof(unsigned char))) == NULL) {