Fix potential NULL pointer dereference in gdImageClone()
fcabralpacheco committed Dec 20, 2019
1 parent 2e88604 commit 441cbfe
Showing 5 changed files with 35 additions and 9 deletions.
9 changes: 1 addition & 8 deletions src/gd.c
@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
}
}

if (src->styleLength > 0) {
dst->styleLength = src->styleLength;
dst->stylePos = src->stylePos;
for (i = 0; i < src->styleLength; i++) {
dst->style[i] = src->style[i];
}
}

dst->interlace = src->interlace;

dst->alphaBlendingFlag = src->alphaBlendingFlag;
@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {

if (src->style) {
gdImageSetStyle(dst, src->style, src->styleLength);
dst->stylePos = src->stylePos;
}

for (i = 0; i < gdMaxColors; i++) {
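Review bot: In the second hunk, `gdImageSetStyle(dst, src->style, src->styleLength);` is called as a bare statement and `dst->stylePos = src->stylePos;` follows unconditionally, so a failure inside the setter goes unnoticed at this call site. The setter's body is not on this page, but it presumably allocates `dst->style`; if that allocation can fail, the clone would carry a copied `stylePos` with no style buffer behind it, leaving later style users exposed to the same kind of NULL dereference this commit is fixing. Consider guarding the assignment, `if (dst->style) dst->stylePos = src->stylePos;`, or failing the clone at that point. gdImageClone starts and ends outside both hunks, so how it handles other allocation failures is not visible here.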
1 change: 1 addition & 0 deletions tests/gdimageclone/.gitignore
@@ -1 +1,2 @@
/bug00300
/style
1 change: 1 addition & 0 deletions tests/gdimageclone/CMakeLists.txt
@@ -1,5 +1,6 @@
LIST(APPEND TESTS_FILES
bug00300
style
)

ADD_GD_TESTS()
3 changes: 2 additions & 1 deletion tests/gdimageclone/Makemodule.am
@@ -1,5 +1,6 @@
libgd_test_programs += \
gdimageclone/bug00300
gdimageclone/bug00300 \
gdimageclone/style

EXTRA_DIST += \
gdimageclone/CMakeLists.txt
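--- a/tests/gdimageclone/style.c
+++ b/tests/gdimageclone/style.c
@@ -0,0 +1,30 @@
+/**
+* Cloning an image should exactly reproduce all style related data
+*/
+
+
+#include <string.h>
+#include "gd.h"
+#include "gdtest.h"
+
+
+int main()
+{
+gdImagePtr im, clone;
+int style[] = {0, 0, 0};
+
+im = gdImageCreate(8, 8);
+gdImageSetStyle(im, style, sizeof(style)/sizeof(style[0]));
+
+clone = gdImageClone(im);
+gdTestAssert(clone != NULL);
+
+gdTestAssert(clone->styleLength == im->styleLength);
+gdTestAssert(clone->stylePos == im->stylePos);
+gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)/sizeof(style[0])));
+
+gdImageDestroy(clone);
+gdImageDestroy(im);
+
+return gdNumFailures();
+}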
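Review bot: The `memcmp` in the last assertion is given `sizeof(style)/sizeof(style[0])` as its length, which is the element count (3), so only the first three bytes of the two `int` arrays are compared; it should read `gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)));`. The all-zero pattern `{0, 0, 0}` also weakens the check, since any zero-filled buffer would pass; distinct non-zero values such as `int style[] = {1, 2, 3};` would pin the copy. If `gdTestAssert` does not abort on failure (not visible on this page), the assertions after `clone != NULL` would dereference a NULL clone, so an early return on that path is worth adding, and the result of `gdImageCreate` deserves the same check.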
