gd: import from rawhide

1 files changed, 31 insertions, 0 deletions

diff --git a/gd-sa3.patch b/gd-sa3.patch
new file mode 100644
index 0000000..62ee2ea
--- /dev/null
+++ b/gd-sa3.patch
@@ -0,0 +1,31 @@
+The following issue has been found by Coverity static analysis tool.
+
+Error: STRING_OVERFLOW (CWE-120): [#def53]
+gd-2.0.35/annotate.c:42: cond_false: Condition "argc != 3", taking false branch
+gd-2.0.35/annotate.c:60: if_end: End of if statement
+gd-2.0.35/annotate.c:64: cond_false: Condition "!in", taking false branch
+gd-2.0.35/annotate.c:68: if_end: End of if statement
+gd-2.0.35/annotate.c:75: cond_false: Condition "!im", taking false branch
+gd-2.0.35/annotate.c:79: if_end: End of if statement
+gd-2.0.35/annotate.c:80: cond_true: Condition "fgets(s, 1024 /* sizeof (s) */, stdin)", taking true branch
+gd-2.0.35/annotate.c:85: cond_false: Condition "!st", taking false branch
+gd-2.0.35/annotate.c:89: if_end: End of if statement
+gd-2.0.35/annotate.c:90: cond_true: Condition "!__coverity_strcmp(st, "font")", taking true branch
+gd-2.0.35/annotate.c:93: cond_false: Condition "!st", taking false branch
+gd-2.0.35/annotate.c:96: if_end: End of if statement
+gd-2.0.35/annotate.c:97: fixed_size_dest: You might overrun the 1024 byte fixed-size string "font" by copying "st" without checking the length.
+
+diff -up gd-2.0.35/annotate.c.sa3 gd-2.0.35/annotate.c
+--- gd-2.0.35/annotate.c.sa3	2012-12-05 17:26:21.157729019 +0100
++++ gd-2.0.35/annotate.c	2012-12-05 17:27:31.762762209 +0100
+@@ -94,6 +94,10 @@ main (int argc, char *argv[])
+ 	    {
+ 	      goto badLine;
+ 	    }
++	  if (strlen(st) >= sizeof(font) - 1)
++	    {
++	      goto badLine;
++	    }
+ 	  strcpy (font, st);
+ 	}
+       else if (!strcmp (st, "align"))