Attachment #172591 for bug #210913

Lines 2-17 Link Here

(-)Makefile (-4 / +8 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= libgd	4	PORTNAME= libgd
5	PORTVERSION= 2.1.1	5	PORTVERSION= 2.2.2
6	PORTREVISION?= 0	6	PORTREVISION?= 0
7	PORTEPOCH= 1	7	PORTEPOCH= 1
8	CATEGORIES+= graphics	8	CATEGORIES+= graphics
9	MASTER_SITES= https://bitbucket.org/libgd/gd-libgd/downloads/ \	9	MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/releases/download/gd-${PORTVERSION}/
10	http://cdn.bitbucket.org/libgd/gd-libgd/downloads/
11		10
12	MAINTAINER?= dinoex@FreeBSD.org	11	MAINTAINER?= dinoex@FreeBSD.org
13	COMMENT?= Graphics library for fast creation of images	12	COMMENT?= Graphics library for fast creation of images
14		13
		14	LICENSE= MIT
		15
15	LIB_DEPENDS= libtiff.so:graphics/tiff \	16	LIB_DEPENDS= libtiff.so:graphics/tiff \
16	libpng.so:graphics/png \	17	libpng.so:graphics/png \
17	libfreetype.so:print/freetype2	18	libfreetype.so:print/freetype2
Lines 99-104 Link Here
99	post-install:	100	post-install:
100	${INSTALL_DATA} ${WRKSRC}/src/gdhelpers.h \	101	${INSTALL_DATA} ${WRKSRC}/src/gdhelpers.h \
101	${STAGEDIR}${PREFIX}/include/	102	${STAGEDIR}${PREFIX}/include/
102	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.5	103	${MV} ${STAGEDIR}${PREFIX}/lib/libgd.so.3.0.20202 ${STAGEDIR}${PREFIX}/lib/libgd.so.6.0.20202
		104	${LN} -sf libgd.so.6.0.20202 ${STAGEDIR}${PREFIX}/lib/libgd.so.6
		105	${RM} ${STAGEDIR}${PREFIX}/lib/libgd.so.3
		106	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libgd.so.6.0.20202
103		107
104	.include <bsd.port.mk>	108	.include <bsd.port.mk>

Lines 1-3 Link Here

(-)distinfo (-3 / +3 lines)
1	TIMESTAMP = 1468105350	1	TIMESTAMP = 1468712078
2	SHA256 (libgd-2.1.1.tar.xz) = 9ada1ed45594abc998ebc942cef12b032fbad672e73efc22bc9ff54f5df2b285	2	SHA256 (libgd-2.2.2.tar.xz) = 489f756ce07f0c034b1a794f4d34fdb4d829256112cb3c36feb40bb56b79218c
3	SIZE (libgd-2.1.1.tar.xz) = 2039132	3	SIZE (libgd-2.2.2.tar.xz) = 2105628




--- src/bdftogd.orig	2013-06-25 11:58:23.000000000 +0200
+++ src/bdftogd	2013-08-15 21:03:29.000000000 +0200
@@ -24,6 +24,9 @@
 my $filename = shift;
 $filename = 'gd' . $filename unless $filename =~ /^gd/i;
 
+my $gdfunc = $gdname;
+$gdfunc =~ s/(.*Font)(.*)/$1Get$2/;
+
 if (-f "$filename.c") { die "File $filename.c already exists, won't overwrite\n"; }
 if (-f "$filename.h") { die "File $filename.h already exists, won't overwrite\n"; }
 
@@ -139,6 +142,10 @@
 
 $info
 
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
 #include "$filename.h"
 
 char ${gdname}Data[] = {
@@ -177,28 +184,40 @@
 	${gdname}Data
 };
 
-gdFontPtr ${gdname} = &${gdname}Rep;
+BGD_EXPORT_DATA_PROT gdFontPtr ${gdname} = &${gdname}Rep;
 
-/* This file has not been truncated. */
+BGD_DECLARE(gdFontPtr)
+$gdfunc (void)
+{
+  return $gdname;
+}
 
+/* This file has not been truncated. */
 EOF
 
 
 close FILEC;
 
 print FILEH <<"EOF";
-
 #ifndef $capdef
 #define $capdef 1
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 $info
 
 #include "gd.h"
 
-extern gdFontPtr $gdname;
+extern BGD_EXPORT_DATA_PROT  gdFontPtr $gdname;
+BGD_DECLARE(gdFontPtr) $gdfunc(void);
 
+#ifdef __cplusplus
+}
 #endif
 
+#endif
 EOF
 
 1;




--- src/gd_png.c.orig	2013-06-25 11:58:23.000000000 +0200
+++ src/gd_png.c	2013-08-01 07:08:18.000000000 +0200
@@ -196,6 +196,14 @@
 	png_read_info (png_ptr, info_ptr);	/* read all PNG info up to image data */
 
 	png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, &interlace_type, NULL, NULL);
+
+	if (overflow2(sizeof (int), width)) {
+		return NULL;
+	}
+	if (overflow2(sizeof (int) * width, height)) {
+		return NULL;
+	}
+
 	if ((color_type == PNG_COLOR_TYPE_RGB) || (color_type == PNG_COLOR_TYPE_RGB_ALPHA)
 	        || color_type == PNG_COLOR_TYPE_GRAY_ALPHA) {
 		im = gdImageCreateTrueColor ((int) width, (int) height);




--- src/gdtest.c.orig	2013-06-25 11:58:23.000000000 +0200
+++ src/gdtest.c	2013-08-01 07:12:08.000000000 +0200
@@ -35,6 +35,8 @@
 	gdSink imgsnk;
 	int foreground;
 	int i;
+	gdIOCtx *ctx;
+
 	if (argc != 2) {
 		fprintf(stderr, "Usage: gdtest filename.png\n");
 		exit (1);
@@ -55,6 +57,35 @@
 
 	CompareImages ("Initial Versions", ref, im);
 
+        /* */
+        /* Send to GIF File then Ptr */
+        /* */
+        sprintf(of, "%s.gif", argv[1]);
+        out = fopen(of, "wb");
+        gdImageGif(im, out);
+        fclose(out);
+
+        in = fopen(of, "rb");
+        if (!in) {
+                fprintf(stderr, "GIF Output file does not exist!\n");
+                exit(1);
+        }
+        im2 = gdImageCreateFromGif(in);
+        fclose(in);
+
+        CompareImages("GD->GIF File->GD", ref, im2);
+
+        unlink(of);
+        gdImageDestroy(im2);
+
+	iptr = gdImageGifPtr(im,&sz);
+	ctx = gdNewDynamicCtx(sz,iptr);
+	im2 = gdImageCreateFromGifCtx(ctx);
+
+        CompareImages("GD->GIF ptr->GD", ref, im2);
+
+	gdImageDestroy(im2);
+	ctx->gd_free(ctx);
 
 	/* */
 	/* Send to PNG File then Ptr */
@@ -268,6 +299,10 @@
 	printf ("[Merged Image has %d colours]\n", im2->colorsTotal);
 	CompareImages ("Merged (gdtest.png, gdtest_merge.png)", im2, im3);
 
+	out = fopen ("test/gdtest_merge_out.png", "wb");
+	gdImagePng(im2, out);
+	fclose(out);
+
 	gdImageDestroy (im2);
 	gdImageDestroy (im3);
 




--- src/bdftogd.orig	2016-07-16 18:36:51 UTC
+++ src/bdftogd
@@ -24,6 +24,9 @@ $gdname = 'gd' . $gdname unless $gdname 
 my $filename = shift;
 $filename = 'gd' . $filename unless $filename =~ /^gd/i;
 
+my $gdfunc = $gdname;
+$gdfunc =~ s/(.*Font)(.*)/$1Get$2/;
+
 if (-f "$filename.c") { die "File $filename.c already exists, won't overwrite\n"; }
 if (-f "$filename.h") { die "File $filename.h already exists, won't overwrite\n"; }
 
@@ -139,6 +142,10 @@ print FILEC <<"EOF";
 
 $info
 
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
 #include "$filename.h"
 
 char ${gdname}Data[] = {
@@ -177,28 +184,40 @@ gdFont ${gdname}Rep = {
 	${gdname}Data
 };
 
-gdFontPtr ${gdname} = &${gdname}Rep;
+BGD_EXPORT_DATA_PROT gdFontPtr ${gdname} = &${gdname}Rep;
 
-/* This file has not been truncated. */
+BGD_DECLARE(gdFontPtr)
+$gdfunc (void)
+{
+  return $gdname;
+}
 
+/* This file has not been truncated. */
 EOF
 
 
 close FILEC;
 
 print FILEH <<"EOF";
-
 #ifndef $capdef
 #define $capdef 1
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 $info
 
 #include "gd.h"
 
-extern gdFontPtr $gdname;
+extern BGD_EXPORT_DATA_PROT  gdFontPtr $gdname;
+BGD_DECLARE(gdFontPtr) $gdfunc(void);
 
+#ifdef __cplusplus
+}
 #endif
 
+#endif
 EOF
 
 1;




--- src/gd_png.c.orig	2015-01-11 07:01:42 UTC
+++ src/gd_png.c
@@ -267,6 +267,14 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFro
 	png_read_info (png_ptr, info_ptr);	/* read all PNG info up to image data */
 
 	png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, &interlace_type, NULL, NULL);
+
+	if (overflow2(sizeof (int), width)) {
+		return NULL;
+	}
+	if (overflow2(sizeof (int) * width, height)) {
+		return NULL;
+	}
+
 	if ((color_type == PNG_COLOR_TYPE_RGB) || (color_type == PNG_COLOR_TYPE_RGB_ALPHA)
 	        || color_type == PNG_COLOR_TYPE_GRAY_ALPHA) {
 		im = gdImageCreateTrueColor ((int) width, (int) height);




--- src/gd_tga.c.orig	2015-01-06 09:16:03 UTC
+++ src/gd_tga.c
@@ -285,14 +285,23 @@ int read_image_tga( gdIOCtx *ctx, oTga *
 		buffer_caret = 0;
 
 		while( bitmap_caret < image_block_size ) {
-
+			
 			if ((decompression_buffer[buffer_caret] & TGA_RLE_FLAG) == TGA_RLE_FLAG) {
 				encoded_pixels = ( ( decompression_buffer[ buffer_caret ] & 127 ) + 1 );
 				buffer_caret++;
 
-				for (i = 0; i < encoded_pixels; i++) {
-					for (j = 0; j < pixel_block_size; j++, bitmap_caret++) {
-						tga->bitmap[ bitmap_caret ] = decompression_buffer[ buffer_caret + j ];
+				if (encoded_pixels != 0) {
+				
+					if (!((buffer_caret + (encoded_pixels * pixel_block_size)) < image_block_size)) {
+						gdFree( decompression_buffer );
+						gdFree( conversion_buffer );
+						return -1;
+					}
+
+					for (i = 0; i < encoded_pixels; i++) {
+						for (j = 0; j < pixel_block_size; j++, bitmap_caret++) {
+							tga->bitmap[ bitmap_caret ] = decompression_buffer[ buffer_caret + j ];
+						}
 					}
 				}
 				buffer_caret += pixel_block_size;
@@ -300,11 +309,20 @@ int read_image_tga( gdIOCtx *ctx, oTga *
 				encoded_pixels = decompression_buffer[ buffer_caret ] + 1;
 				buffer_caret++;
 
-				for (i = 0; i < encoded_pixels; i++) {
-					for( j = 0; j < pixel_block_size; j++, bitmap_caret++ ) {
-						tga->bitmap[ bitmap_caret ] = decompression_buffer[ buffer_caret + j ];
+				if (encoded_pixels != 0) {
+				
+					if (!((buffer_caret + (encoded_pixels * pixel_block_size)) < image_block_size)) {
+						gdFree( decompression_buffer );
+						gdFree( conversion_buffer );
+						return -1;
+					}
+
+					for (i = 0; i < encoded_pixels; i++) {
+						for( j = 0; j < pixel_block_size; j++, bitmap_caret++ ) {
+							tga->bitmap[ bitmap_caret ] = decompression_buffer[ buffer_caret + j ];
+						}
+						buffer_caret += pixel_block_size;
 					}
-					buffer_caret += pixel_block_size;
 				}
 			}
 		}




--- src/gdtest.c.orig	2015-01-06 09:16:03 UTC
+++ src/gdtest.c
@@ -35,6 +35,8 @@ main (int argc, char **argv)
 	gdSink imgsnk;
 	int foreground;
 	int i;
+	gdIOCtx *ctx;
+
 	if (argc != 2) {
 		fprintf(stderr, "Usage: gdtest filename.png\n");
 		exit (1);
@@ -55,6 +57,35 @@ main (int argc, char **argv)
 
 	CompareImages ("Initial Versions", ref, im);
 
+        /* */
+        /* Send to GIF File then Ptr */
+        /* */
+        sprintf(of, "%s.gif", argv[1]);
+        out = fopen(of, "wb");
+        gdImageGif(im, out);
+        fclose(out);
+
+        in = fopen(of, "rb");
+        if (!in) {
+                fprintf(stderr, "GIF Output file does not exist!\n");
+                exit(1);
+        }
+        im2 = gdImageCreateFromGif(in);
+        fclose(in);
+
+        CompareImages("GD->GIF File->GD", ref, im2);
+
+        unlink(of);
+        gdImageDestroy(im2);
+
+	iptr = gdImageGifPtr(im,&sz);
+	ctx = gdNewDynamicCtx(sz,iptr);
+	im2 = gdImageCreateFromGifCtx(ctx);
+
+        CompareImages("GD->GIF ptr->GD", ref, im2);
+
+	gdImageDestroy(im2);
+	ctx->gd_free(ctx);
 
 	/* */
 	/* Send to PNG File then Ptr */
@@ -268,6 +299,10 @@ main (int argc, char **argv)
 	printf ("[Merged Image has %d colours]\n", im2->colorsTotal);
 	CompareImages ("Merged (gdtest.png, gdtest_merge.png)", im2, im3);
 
+	out = fopen ("test/gdtest_merge_out.png", "wb");
+	gdImagePng(im2, out);
+	fclose(out);
+
 	gdImageDestroy (im2);
 	gdImageDestroy (im3);
 




Adjust to libvpx 1.4.0 until the code is removed.

https://chromium.googlesource.com/webm/libvpx/+/9cdaa3d%5E!/
https://bitbucket.org/libgd/gd-libgd/commits/824a3aa

--- src/webpimg.c.orig	2013-06-25 09:58:23 UTC
+++ src/webpimg.c
@@ -711,14 +711,14 @@ static WebPResult VPXEncode(const uint8*
     codec_ctl(&enc, VP8E_SET_STATIC_THRESHOLD, 0);
     codec_ctl(&enc, VP8E_SET_TOKEN_PARTITIONS, 2);
 
-    vpx_img_wrap(&img, IMG_FMT_I420,
+    vpx_img_wrap(&img, VPX_IMG_FMT_I420,
                  y_width, y_height, 16, (uint8*)(Y));
-    img.planes[PLANE_Y] = (uint8*)(Y);
-    img.planes[PLANE_U] = (uint8*)(U);
-    img.planes[PLANE_V] = (uint8*)(V);
-    img.stride[PLANE_Y] = y_stride;
-    img.stride[PLANE_U] = uv_stride;
-    img.stride[PLANE_V] = uv_stride;
+    img.planes[VPX_PLANE_Y] = (uint8*)(Y);
+    img.planes[VPX_PLANE_U] = (uint8*)(U);
+    img.planes[VPX_PLANE_V] = (uint8*)(V);
+    img.stride[VPX_PLANE_Y] = y_stride;
+    img.stride[VPX_PLANE_U] = uv_stride;
+    img.stride[VPX_PLANE_V] = uv_stride;
 
     res = vpx_codec_encode(&enc, &img, 0, 1, 0, VPX_DL_BEST_QUALITY);
 

Lines 28-33 Link Here

(-)pkg-plist (-2 / +2 lines)
28	lib/libgd.a	28	lib/libgd.a
29	lib/libgd.la	29	lib/libgd.la
30	lib/libgd.so	30	lib/libgd.so
31	lib/libgd.so.5	31	lib/libgd.so.6
32	lib/libgd.so.5.0.0	32	lib/libgd.so.6.0.20202
33	libdata/pkgconfig/gdlib.pc	33	libdata/pkgconfig/gdlib.pc

Return to bug 210913

Lines 1-68 Link Here

(-)files/patch-bdftogd (-68 lines)
1	--- src/bdftogd.orig 2013-06-25 11:58:23.000000000 +0200
2	+++ src/bdftogd 2013-08-15 21:03:29.000000000 +0200
3	@@ -24,6 +24,9 @@
4	my $filename = shift;
5	$filename = 'gd' . $filename unless $filename =~ /^gd/i;
6
7	+my $gdfunc = $gdname;
8	+$gdfunc =~ s/(.Font)(.)/$1Get$2/;
9	+
10	if (-f "$filename.c") { die "File $filename.c already exists, won't overwrite\n"; }
11	if (-f "$filename.h") { die "File $filename.h already exists, won't overwrite\n"; }
12
13	@@ -139,6 +142,10 @@
14
15	$info
16
17	+#ifdef HAVE_CONFIG_H
18	+#include "config.h"
19	+#endif
20	+
21	#include "$filename.h"
22
23	char ${gdname}Data[] = {
24	@@ -177,28 +184,40 @@
25	${gdname}Data
26	};
27
28	-gdFontPtr ${gdname} = &${gdname}Rep;
29	+BGD_EXPORT_DATA_PROT gdFontPtr ${gdname} = &${gdname}Rep;
30
31	-/* This file has not been truncated. */
32	+BGD_DECLARE(gdFontPtr)
33	+$gdfunc (void)
34	+{
35	+ return $gdname;
36	+}
37
38	+/* This file has not been truncated. */
39	EOF
40
41
42	close FILEC;
43
44	print FILEH <<"EOF";
45	-
46	#ifndef $capdef
47	#define $capdef 1
48
49	+#ifdef __cplusplus
50	+extern "C" {
51	+#endif
52	+
53	$info
54
55	#include "gd.h"
56
57	-extern gdFontPtr $gdname;
58	+extern BGD_EXPORT_DATA_PROT gdFontPtr $gdname;
59	+BGD_DECLARE(gdFontPtr) $gdfunc(void);
60
61	+#ifdef __cplusplus
62	+}
63	#endif
64
65	+#endif
66	EOF
67
68	1;

Lines 1-17 Link Here

(-)files/patch-gd_png.c (-17 lines)
1	--- src/gd_png.c.orig 2013-06-25 11:58:23.000000000 +0200
2	+++ src/gd_png.c 2013-08-01 07:08:18.000000000 +0200
3	@@ -196,6 +196,14 @@
4	png_read_info (png_ptr, info_ptr); /* read all PNG info up to image data */
5
6	png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, &interlace_type, NULL, NULL);
7	+
8	+ if (overflow2(sizeof (int), width)) {
9	+ return NULL;
10	+ }
11	+ if (overflow2(sizeof (int) * width, height)) {
12	+ return NULL;
13	+ }
14	+
15	if ((color_type == PNG_COLOR_TYPE_RGB) \|\| (color_type == PNG_COLOR_TYPE_RGB_ALPHA)
16	\|\| color_type == PNG_COLOR_TYPE_GRAY_ALPHA) {
17	im = gdImageCreateTrueColor ((int) width, (int) height);

Lines 1-58 Link Here

(-)files/patch-gdtest.c (-58 lines)
1	--- src/gdtest.c.orig 2013-06-25 11:58:23.000000000 +0200
2	+++ src/gdtest.c 2013-08-01 07:12:08.000000000 +0200
3	@@ -35,6 +35,8 @@
4	gdSink imgsnk;
5	int foreground;
6	int i;
7	+ gdIOCtx *ctx;
8	+
9	if (argc != 2) {
10	fprintf(stderr, "Usage: gdtest filename.png\n");
11	exit (1);
12	@@ -55,6 +57,35 @@
13
14	CompareImages ("Initial Versions", ref, im);
15
16	+ /* */
17	+ /* Send to GIF File then Ptr */
18	+ /* */
19	+ sprintf(of, "%s.gif", argv[1]);
20	+ out = fopen(of, "wb");
21	+ gdImageGif(im, out);
22	+ fclose(out);
23	+
24	+ in = fopen(of, "rb");
25	+ if (!in) {
26	+ fprintf(stderr, "GIF Output file does not exist!\n");
27	+ exit(1);
28	+ }
29	+ im2 = gdImageCreateFromGif(in);
30	+ fclose(in);
31	+
32	+ CompareImages("GD->GIF File->GD", ref, im2);
33	+
34	+ unlink(of);
35	+ gdImageDestroy(im2);
36	+
37	+ iptr = gdImageGifPtr(im,&sz);
38	+ ctx = gdNewDynamicCtx(sz,iptr);
39	+ im2 = gdImageCreateFromGifCtx(ctx);
40	+
41	+ CompareImages("GD->GIF ptr->GD", ref, im2);
42	+
43	+ gdImageDestroy(im2);
44	+ ctx->gd_free(ctx);
45
46	/* */
47	/* Send to PNG File then Ptr */
48	@@ -268,6 +299,10 @@
49	printf ("[Merged Image has %d colours]\n", im2->colorsTotal);
50	CompareImages ("Merged (gdtest.png, gdtest_merge.png)", im2, im3);
51
52	+ out = fopen ("test/gdtest_merge_out.png", "wb");
53	+ gdImagePng(im2, out);
54	+ fclose(out);
55	+
56	gdImageDestroy (im2);
57	gdImageDestroy (im3);
58

Line 0 Link Here

(-)files/patch-src_bdftogd (+68 lines)
		1	--- src/bdftogd.orig 2016-07-16 18:36:51 UTC
		2	+++ src/bdftogd
		3	@@ -24,6 +24,9 @@ $gdname = 'gd' . $gdname unless $gdname
		4	my $filename = shift;
		5	$filename = 'gd' . $filename unless $filename =~ /^gd/i;
		6
		7	+my $gdfunc = $gdname;
		8	+$gdfunc =~ s/(.Font)(.)/$1Get$2/;
		9	+
		10	if (-f "$filename.c") { die "File $filename.c already exists, won't overwrite\n"; }
		11	if (-f "$filename.h") { die "File $filename.h already exists, won't overwrite\n"; }
		12
		13	@@ -139,6 +142,10 @@ print FILEC <<"EOF";
		14
		15	$info
		16
		17	+#ifdef HAVE_CONFIG_H
		18	+#include "config.h"
		19	+#endif
		20	+
		21	#include "$filename.h"
		22
		23	char ${gdname}Data[] = {
		24	@@ -177,28 +184,40 @@ gdFont ${gdname}Rep = {
		25	${gdname}Data
		26	};
		27
		28	-gdFontPtr ${gdname} = &${gdname}Rep;
		29	+BGD_EXPORT_DATA_PROT gdFontPtr ${gdname} = &${gdname}Rep;
		30
		31	-/* This file has not been truncated. */
		32	+BGD_DECLARE(gdFontPtr)
		33	+$gdfunc (void)
		34	+{
		35	+ return $gdname;
		36	+}
		37
		38	+/* This file has not been truncated. */
		39	EOF
		40
		41
		42	close FILEC;
		43
		44	print FILEH <<"EOF";
		45	-
		46	#ifndef $capdef
		47	#define $capdef 1
		48
		49	+#ifdef __cplusplus
		50	+extern "C" {
		51	+#endif
		52	+
		53	$info
		54
		55	#include "gd.h"
		56
		57	-extern gdFontPtr $gdname;
		58	+extern BGD_EXPORT_DATA_PROT gdFontPtr $gdname;
		59	+BGD_DECLARE(gdFontPtr) $gdfunc(void);
		60
		61	+#ifdef __cplusplus
		62	+}
		63	#endif
		64
65	+#endif
66	EOF
67
68	1;

Line 0 Link Here

(-)files/patch-src_gd__png.c (+17 lines)
	1	--- src/gd_png.c.orig 2015-01-11 07:01:42 UTC
	2	+++ src/gd_png.c
	3	@@ -267,6 +267,14 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFro
	4	png_read_info (png_ptr, info_ptr); /* read all PNG info up to image data */
	5
	6	png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, &interlace_type, NULL, NULL);
	7	+
	8	+ if (overflow2(sizeof (int), width)) {
	9	+ return NULL;
	10	+ }
	11	+ if (overflow2(sizeof (int) * width, height)) {
	12	+ return NULL;
	13	+ }
	14	+
	15	if ((color_type == PNG_COLOR_TYPE_RGB) \|\| (color_type == PNG_COLOR_TYPE_RGB_ALPHA)
	16	\|\| color_type == PNG_COLOR_TYPE_GRAY_ALPHA) {
	17	im = gdImageCreateTrueColor ((int) width, (int) height);

Line 0 Link Here

(-)files/patch-src_gd__tga.c (+55 lines)
	1	--- src/gd_tga.c.orig 2015-01-06 09:16:03 UTC
	2	+++ src/gd_tga.c
	3	@@ -285,14 +285,23 @@ int read_image_tga( gdIOCtx ctx, oTga
	4	buffer_caret = 0;
	5
	6	while( bitmap_caret < image_block_size ) {
	7	-
	8	+
	9	if ((decompression_buffer[buffer_caret] & TGA_RLE_FLAG) == TGA_RLE_FLAG) {
	10	encoded_pixels = ( ( decompression_buffer[ buffer_caret ] & 127 ) + 1 );
	11	buffer_caret++;
	12
	13	- for (i = 0; i < encoded_pixels; i++) {
	14	- for (j = 0; j < pixel_block_size; j++, bitmap_caret++) {
	15	- tga->bitmap[ bitmap_caret ] = decompression_buffer[ buffer_caret + j ];
	16	+ if (encoded_pixels != 0) {
	17	+
	18	+ if (!((buffer_caret + (encoded_pixels * pixel_block_size)) < image_block_size)) {
	19	+ gdFree( decompression_buffer );
	20	+ gdFree( conversion_buffer );
	21	+ return -1;
	22	+ }
	23	+
	24	+ for (i = 0; i < encoded_pixels; i++) {
	25	+ for (j = 0; j < pixel_block_size; j++, bitmap_caret++) {
	26	+ tga->bitmap[ bitmap_caret ] = decompression_buffer[ buffer_caret + j ];
	27	+ }
	28	}
	29	}
	30	buffer_caret += pixel_block_size;
	31	@@ -300,11 +309,20 @@ int read_image_tga( gdIOCtx ctx, oTga
	32	encoded_pixels = decompression_buffer[ buffer_caret ] + 1;
	33	buffer_caret++;
	34
	35	- for (i = 0; i < encoded_pixels; i++) {
	36	- for( j = 0; j < pixel_block_size; j++, bitmap_caret++ ) {
	37	- tga->bitmap[ bitmap_caret ] = decompression_buffer[ buffer_caret + j ];
	38	+ if (encoded_pixels != 0) {
	39	+
	40	+ if (!((buffer_caret + (encoded_pixels * pixel_block_size)) < image_block_size)) {
	41	+ gdFree( decompression_buffer );
	42	+ gdFree( conversion_buffer );
	43	+ return -1;
	44	+ }
	45	+
	46	+ for (i = 0; i < encoded_pixels; i++) {
	47	+ for( j = 0; j < pixel_block_size; j++, bitmap_caret++ ) {
	48	+ tga->bitmap[ bitmap_caret ] = decompression_buffer[ buffer_caret + j ];
	49	+ }
	50	+ buffer_caret += pixel_block_size;
	51	}
	52	- buffer_caret += pixel_block_size;
	53	}
	54	}
	55	}

Line 0 Link Here

(-)files/patch-src_gdtest.c (+58 lines)
	1	--- src/gdtest.c.orig 2015-01-06 09:16:03 UTC
	2	+++ src/gdtest.c
	3	@@ -35,6 +35,8 @@ main (int argc, char **argv)
	4	gdSink imgsnk;
	5	int foreground;
	6	int i;
	7	+ gdIOCtx *ctx;
	8	+
	9	if (argc != 2) {
	10	fprintf(stderr, "Usage: gdtest filename.png\n");
	11	exit (1);
	12	@@ -55,6 +57,35 @@ main (int argc, char **argv)
	13
	14	CompareImages ("Initial Versions", ref, im);
	15
	16	+ /* */
	17	+ /* Send to GIF File then Ptr */
	18	+ /* */
	19	+ sprintf(of, "%s.gif", argv[1]);
	20	+ out = fopen(of, "wb");
	21	+ gdImageGif(im, out);
	22	+ fclose(out);
	23	+
	24	+ in = fopen(of, "rb");
	25	+ if (!in) {
	26	+ fprintf(stderr, "GIF Output file does not exist!\n");
	27	+ exit(1);
	28	+ }
	29	+ im2 = gdImageCreateFromGif(in);
	30	+ fclose(in);
	31	+
	32	+ CompareImages("GD->GIF File->GD", ref, im2);
	33	+
	34	+ unlink(of);
	35	+ gdImageDestroy(im2);
	36	+
	37	+ iptr = gdImageGifPtr(im,&sz);
	38	+ ctx = gdNewDynamicCtx(sz,iptr);
	39	+ im2 = gdImageCreateFromGifCtx(ctx);
	40	+
	41	+ CompareImages("GD->GIF ptr->GD", ref, im2);
	42	+
	43	+ gdImageDestroy(im2);
	44	+ ctx->gd_free(ctx);
	45
	46	/* */
	47	/* Send to PNG File then Ptr */
	48	@@ -268,6 +299,10 @@ main (int argc, char **argv)
	49	printf ("[Merged Image has %d colours]\n", im2->colorsTotal);
	50	CompareImages ("Merged (gdtest.png, gdtest_merge.png)", im2, im3);
	51
	52	+ out = fopen ("test/gdtest_merge_out.png", "wb");
	53	+ gdImagePng(im2, out);
	54	+ fclose(out);
	55	+
	56	gdImageDestroy (im2);
	57	gdImageDestroy (im3);
	58

Lines 1-29 Link Here

(-)files/patch-webpimg.c (-29 lines)
1	Adjust to libvpx 1.4.0 until the code is removed.
2
3	https://chromium.googlesource.com/webm/libvpx/+/9cdaa3d%5E!/
4	https://bitbucket.org/libgd/gd-libgd/commits/824a3aa
5
6	--- src/webpimg.c.orig 2013-06-25 09:58:23 UTC
7	+++ src/webpimg.c
8	@@ -711,14 +711,14 @@ static WebPResult VPXEncode(const uint8*
9	codec_ctl(&enc, VP8E_SET_STATIC_THRESHOLD, 0);
10	codec_ctl(&enc, VP8E_SET_TOKEN_PARTITIONS, 2);
11
12	- vpx_img_wrap(&img, IMG_FMT_I420,
13	+ vpx_img_wrap(&img, VPX_IMG_FMT_I420,
14	y_width, y_height, 16, (uint8*)(Y));
15	- img.planes[PLANE_Y] = (uint8*)(Y);
16	- img.planes[PLANE_U] = (uint8*)(U);
17	- img.planes[PLANE_V] = (uint8*)(V);
18	- img.stride[PLANE_Y] = y_stride;
19	- img.stride[PLANE_U] = uv_stride;
20	- img.stride[PLANE_V] = uv_stride;
21	+ img.planes[VPX_PLANE_Y] = (uint8*)(Y);
22	+ img.planes[VPX_PLANE_U] = (uint8*)(U);
23	+ img.planes[VPX_PLANE_V] = (uint8*)(V);
24	+ img.stride[VPX_PLANE_Y] = y_stride;
25	+ img.stride[VPX_PLANE_U] = uv_stride;
26	+ img.stride[VPX_PLANE_V] = uv_stride;
27
28	res = vpx_codec_encode(&enc, &img, 0, 1, 0, VPX_DL_BEST_QUALITY);
29