Add a patch from vendor to fix CVE-2009-3546.

Security: vuln e8344a3-ca52-11de-8ee8-00215c6a37bb Approved by: ale (maintainer)
author: Xin LI <delphij@FreeBSD.org> 2009-11-09 17:14:27 +0000
committer: Xin LI <delphij@FreeBSD.org> 2009-11-09 17:14:27 +0000
commit: a4895e4439e472af2056f1018facfa9e40e13567 (patch)
tree: 4d2dcf5ff3e68dea777db691126b07037e1ff76c /graphics/php5-gd/files
parent: Update graphics/f-spot to 0.6.1.2. (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/graphics/php5-gd/files/patch-CVE-2009-3546 b/graphics/php5-gd/files/patch-CVE-2009-3546
new file mode 100644
index 000000000000..2010c6829504
--- /dev/null
+++ b/graphics/php5-gd/files/patch-CVE-2009-3546
@@ -0,0 +1,12 @@
+--- ./libgd/gd_gd.c.orig	2007-08-09 07:21:38.000000000 -0700
++++ ./libgd/gd_gd.c	2009-11-08 23:13:19.144908056 -0800
+@@ -39,6 +39,9 @@
+ 			if (!gdGetWord(&im->colorsTotal, in)) {
+ 				goto fail1;
+ 			}
++			if (im->colorsTotal > gdMaxColors) {
++				goto fail1;
++			}
+ 		}
+ 		/* Int to accommodate truecolor single-color transparency */
+ 		if (!gdGetInt(&im->transparent, in)) {
author	Xin LI <delphij@FreeBSD.org>	2009-11-09 17:14:27 +0000
committer	Xin LI <delphij@FreeBSD.org>	2009-11-09 17:14:27 +0000
commit	a4895e4439e472af2056f1018facfa9e40e13567 (patch)
tree	4d2dcf5ff3e68dea777db691126b07037e1ff76c /graphics/php5-gd/files
parent	Update graphics/f-spot to 0.6.1.2. (diff)