diff options
author | wilson chen <willson.chenwx@gmail.com> | 2019-12-20 10:12:04 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-12-20 10:12:04 +0800 |
commit | 2e886046f86d0d6bfc14aab94a881259a081e3f4 (patch) | |
tree | a87195bd40239062bda2310771f7b96252710a1d /tests | |
parent | 4b0f3724022ad5bdf16d86409126436ff5a31afb (diff) | |
download | libgd-2e886046f86d0d6bfc14aab94a881259a081e3f4.tar.gz |
Fix #497: gdImageColorMatch Out Of Bounds Write on Heap (CVE-2019-6977)
Fixed CVE-2019-6977 and add corresponding testcase.
Original patch by Christoph M. Bechker <cmbecker69@gmx.de>
https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
Diffstat (limited to 'tests')
-rw-r--r-- | tests/gdimagecolormatch/.gitignore | 1 | ||||
-rw-r--r-- | tests/gdimagecolormatch/CMakeLists.txt | 1 | ||||
-rw-r--r-- | tests/gdimagecolormatch/Makemodule.am | 1 | ||||
-rw-r--r-- | tests/gdimagecolormatch/cve_2019_6977.c | 25 |
4 files changed, 28 insertions, 0 deletions
diff --git a/tests/gdimagecolormatch/.gitignore b/tests/gdimagecolormatch/.gitignore index b1540a2..f68c491 100644 --- a/tests/gdimagecolormatch/.gitignore +++ b/tests/gdimagecolormatch/.gitignore @@ -1 +1,2 @@ +/cve_2019_6977 /gdimagecolormatch diff --git a/tests/gdimagecolormatch/CMakeLists.txt b/tests/gdimagecolormatch/CMakeLists.txt index 6a191dc..857b99a 100644 --- a/tests/gdimagecolormatch/CMakeLists.txt +++ b/tests/gdimagecolormatch/CMakeLists.txt @@ -1,4 +1,5 @@ LIST(APPEND TESTS_FILES + cve_2019_6977 gdimagecolormatch ) diff --git a/tests/gdimagecolormatch/Makemodule.am b/tests/gdimagecolormatch/Makemodule.am index db6c3d4..4ed48ce 100644 --- a/tests/gdimagecolormatch/Makemodule.am +++ b/tests/gdimagecolormatch/Makemodule.am @@ -1,4 +1,5 @@ libgd_test_programs += \ + gdimagecolormatch/cve_2019_6977 \ gdimagecolormatch/gdimagecolormatch EXTRA_DIST += \ diff --git a/tests/gdimagecolormatch/cve_2019_6977.c b/tests/gdimagecolormatch/cve_2019_6977.c new file mode 100644 index 0000000..fdd7af5 --- /dev/null +++ b/tests/gdimagecolormatch/cve_2019_6977.c @@ -0,0 +1,25 @@ +/** + * Test for CVE-2019-6977 + */ + +#include "gd.h" + +int main() +{ + gdImagePtr im1; + gdImagePtr im2; + + im1 = gdImageCreateTrueColor(0xfff, 0xfff); + im2 = gdImageCreate(0xfff, 0xfff); + if (gdImageColorAllocate(im2, 0, 0, 0) < 0) + { + gdImageDestroy(im1); + gdImageDestroy(im2); + return 1; + } + gdImageSetPixel(im2, 0, 0, 255); + gdImageColorMatch(im1, im2); + gdImageDestroy(im1); + gdImageDestroy(im2); + return 0; +} |