45 lines
1.1 KiB
Diff
45 lines
1.1 KiB
Diff
|
--- gd.c
|
||
|
|
+++ gd.c
|
||
|
|
@@ -74,6 +74,10 @@
|
||
|
|
im = (gdImage *) gdMalloc (sizeof (gdImage));
|
||
|
|
memset (im, 0, sizeof (gdImage));
|
||
|
|
/* Row-major ever since gd 1.3 */
|
||
|
|
+ if (overflow2(sizeof (unsigned char *), sy)) {
|
||
|
|
+ gdFree(im);
|
||
|
|
+ return NULL;
|
||
|
|
+ }
|
||
|
|
im->pixels = (unsigned char **) gdMalloc (sizeof (unsigned char *) * sy);
|
||
|
|
im->polyInts = 0;
|
||
|
|
im->polyAllocated = 0;
|
||
|
|
@@ -114,6 +118,10 @@
|
||
|
|
gdImagePtr im;
|
||
|
|
im = (gdImage *) gdMalloc (sizeof (gdImage));
|
||
|
|
memset (im, 0, sizeof (gdImage));
|
||
|
|
+ if (overflow2(sizeof (int *), sy)) {
|
||
|
|
+ gdFree(im);
|
||
|
|
+ return NULL;
|
||
|
|
+ }
|
||
|
|
im->tpixels = (int **) gdMalloc (sizeof (int *) * sy);
|
||
|
|
im->polyInts = 0;
|
||
|
|
im->polyAllocated = 0;
|
||
|
|
@@ -2462,6 +2470,8 @@
|
||
|
|
}
|
||
|
|
bytes = (w * h / 8) + 1;
|
||
|
|
im = gdImageCreate (w, h);
|
||
|
|
+ if (!im)
|
||
|
|
+ return NULL;
|
||
|
|
gdImageColorAllocate (im, 255, 255, 255);
|
||
|
|
gdImageColorAllocate (im, 0, 0, 0);
|
||
|
|
x = 0;
|
||
|
|
--- gd_gd.c
|
||
|
|
+++ gd_gd.c
|
||
|
|
@@ -149,6 +149,8 @@
|
||
|
|
{
|
||
|
|
im = gdImageCreate (*sx, *sy);
|
||
|
|
}
|
||
|
|
+ if (!im)
|
||
|
|
+ goto fail1;
|
||
|
|
if (!_gdGetColors (in, im, gd2xFlag))
|
||
|
|
{
|
||
|
|
goto fail2;
|