
pajoye  committed d322c2c

- MFB:
- prevent double lock/unlock for the tween colors cache
- use gdFree not free
- #40, possible Buffer overflow in the gdImageStringFTEx function
in gdft.c (CVE-2007-0455) (Kees Cook)

  • Parent commits 6b176ae
  • Branches GD-2.0


Files changed (1)

 	      /* find antialised color */
 
 	      tc_key.bgcolor = *pixel;
-				gdMutexLock(gdFontCacheMutex);
 	      tc_elem = (tweencolor_t *) gdCacheGet (tc_cache, &tc_key);
 	      *pixel = tc_elem->tweencolor;
-				gdMutexUnlock(gdFontCacheMutex);
 	    }
 	}
     }
 		{
 		  ch = c & 0xFF;	/* don't extend sign */
 		}
-	      next++;
+	      if (*next) next++;
 	    }
 	    break;
 	  case gdFTEX_Big5:
       fullname = gdRealloc (fullname,
                           strlen (fontsearchpath) + strlen (name) + 8);
       /* if name is an absolute or relative pathname then test directly */
+#ifdef NETWARE
+      /* netware uses the format "volume:/path" or the standard "/path" */
+      if (name[0] != 0 && (strstr(name, ":/") || name[0] == '/'))
+#else
       if (strchr (name, '/')
 	  || (name[0] != 0 && name[1] == ':'
 	      && (name[2] == '/' || name[2] == '\\')))
+#endif
 	{
 	  sprintf (fullname, "%s", name);
 	  if (access (fullname, R_OK) == 0)
   gdFree (fontlist);
   if (!font_found)
     {
-      free (fullname);
+      gdFree (fullname);
       return "Could not find/open font";
     }
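Review bot: The guarded advance `if (*next) next++;` in the hunk that ends at `case gdFTEX_Big5:` carries no comment explaining why the increment is conditional, although it appears to be the line that addresses the overflow named in the commit message (CVE-2007-0455). I would add `/* next may already sit on the terminating NUL (e.g. after a truncated double-byte sequence); never step past it */` above it, and put the statement on its own braced lines to match the surrounding layout. The branch that consumes the trail byte starts above the hunk and the Big5 case continues below it, so whether those paths advance `next` without a terminator check cannot be seen from here; they are worth checking for the same pattern, since the string walk presumably relies on stopping at the NUL.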