Fix potential NULL pointer dereference in gdImageClone()

src/gd.c

@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
 		}
 	}
 
-	if (src->styleLength > 0) {
-		dst->styleLength = src->styleLength;
-		dst->stylePos    = src->stylePos;
-		for (i = 0; i < src->styleLength; i++) {
-			dst->style[i] = src->style[i];
-		}
-	}
-
 	dst->interlace   = src->interlace;
 
 	dst->alphaBlendingFlag = src->alphaBlendingFlag;
@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
 
 	if (src->style) {
 		gdImageSetStyle(dst, src->style, src->styleLength);
+		dst->stylePos = src->stylePos;
 	}
 
 	for (i = 0; i < gdMaxColors; i++) {

tests/gdimageclone/.gitignore

@@ -1 +1,2 @@
 /bug00300
+/style

tests/gdimageclone/CMakeLists.txt

@@ -1,5 +1,6 @@
 LIST(APPEND TESTS_FILES
 	bug00300
+	style
 )
 
 ADD_GD_TESTS()

tests/gdimageclone/Makemodule.am

@@ -1,5 +1,6 @@
 libgd_test_programs += \
-	gdimageclone/bug00300
+	gdimageclone/bug00300 \
+	gdimageclone/style
 
 EXTRA_DIST += \
 	gdimageclone/CMakeLists.txt

tests/gdimageclone/style.c

@@ -0,0 +1,30 @@
+/**
+ * Cloning an image should exactly reproduce all style related data
+ */
+
+
+#include <string.h>
+#include "gd.h"
+#include "gdtest.h"
+
+
+int main()
+{
+    gdImagePtr im, clone;
+    int style[] = {0, 0, 0};
+
+    im = gdImageCreate(8, 8);
+    gdImageSetStyle(im, style, sizeof(style)/sizeof(style[0]));
+
+    clone = gdImageClone(im);
+    gdTestAssert(clone != NULL);
+
+    gdTestAssert(clone->styleLength == im->styleLength);
+    gdTestAssert(clone->stylePos == im->stylePos);
+    gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)/sizeof(style[0])));
+
+    gdImageDestroy(clone);
+    gdImageDestroy(im);
+
+    return gdNumFailures();
+}