pajoye Sun Dec 10 01:38:02 2006 UTC
Added files: (Branch: PHP_5_2)
/php-src/ext/gd/tests bug39780.phpt bug39780.png
Modified files:
/php-src/ext/gd gd.c
/php-src/ext/gd/libgd gd_png.c
Log:
- MFH:#39780, PNG image with CRC/data error raises fatal error
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/gd.c?r1=1.312.2.20.2.9&r2=1.312.2.20.2.10&diff_format=u
Index: php-src/ext/gd/gd.c
diff -u php-src/ext/gd/gd.c:1.312.2.20.2.9 php-src/ext/gd/gd.c:1.312.2.20.2.10
--- php-src/ext/gd/gd.c:1.312.2.20.2.9 Fri Nov 3 15:13:17 2006
+++ php-src/ext/gd/gd.c Sun Dec 10 01:38:01 2006
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: gd.c,v 1.312.2.20.2.9 2006/11/03 15:13:17 bjori Exp $ */
+/* $Id: gd.c,v 1.312.2.20.2.10 2006/12/10 01:38:01 pajoye Exp $ */
/* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center,
Cold Spring Harbor Labs. */
@@ -2249,6 +2249,11 @@
im = (*ioctx_func_p)(io_ctx);
if (!im) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Passed data is not
in '%s' format", tn);
+#if HAVE_LIBGD204
+ io_ctx->gd_free(io_ctx);
+#else
+ io_ctx->free(io_ctx);
+#endif
return NULL;
}
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_png.c?r1=1.17.4.2.2.3&r2=1.17.4.2.2.4&diff_format=u
Index: php-src/ext/gd/libgd/gd_png.c
diff -u php-src/ext/gd/libgd/gd_png.c:1.17.4.2.2.3
php-src/ext/gd/libgd/gd_png.c:1.17.4.2.2.4
--- php-src/ext/gd/libgd/gd_png.c:1.17.4.2.2.3 Sun Nov 5 15:04:50 2006
+++ php-src/ext/gd/libgd/gd_png.c Sun Dec 10 01:38:01 2006
@@ -58,7 +58,7 @@
* been defined.
*/
- php_gd_error_ex(E_ERROR, "gd-png: fatal libpng error: %s", msg);
+ php_gd_error_ex(E_WARNING, "gd-png: fatal libpng error: %s", msg);
jmpbuf_ptr = png_get_error_ptr (png_ptr);
if (jmpbuf_ptr == NULL) { /* we are completely hosed now */
@@ -200,6 +200,23 @@
png_set_packing (png_ptr); /* expand to 1 byte per pixel */
}
+ /* setjmp() must be called in every non-callback function that calls a
+ * PNG-reading libpng function
+ */
+#ifndef PNG_SETJMP_NOT_SUPPORTED
+ if (setjmp(gdPngJmpbufStruct.jmpbuf)) {
+ php_gd_error("gd-png error: setjmp returns error condition");
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ gdFree(image_data);
+ gdFree(row_pointers);
+ if (im) {
+ gdImageDestroy(im);
+ }
+ return NULL;
+ }
+#endif
+
+
switch (color_type) {
case PNG_COLOR_TYPE_PALETTE:
png_get_PLTE(png_ptr, info_ptr, &palette, &num_palette);
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug39780.phpt?view=markup&rev=1.1
Index: php-src/ext/gd/tests/bug39780.phpt
+++ php-src/ext/gd/tests/bug39780.phpt
--TEST--
Bug #39780 (PNG image with CRC/data error raises a fatal error)
--SKIPIF--
<?php
if (!extension_loaded('gd')) die("skip gd extension not available\n");
if (!GD_BUNDLED) die('skip external GD libraries always fail');
?>
--FILE--
<?php
$im = imagecreatefrompng(dirname(__FILE__) . '/bug39780.png');
var_dump($im);
?>
--EXPECTF--
Warning: imagecreatefrompng(): gd-png: fatal libpng error: IDAT: CRC error in
%s on line %d
Warning: imagecreatefrompng(): gd-png error: setjmp returns error condition in
%s on line %d
Warning: imagecreatefrompng(): '%s' is not a valid PNG file in %s on line %d
bool(false)
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
![[PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd gd.c /ext/gd/libgd gd_png.c /ext/gd/tests bug39780.phpt bug39780.png](/search?l=php-cvs@lists.php.net&q=subject:%22%5C%5BPHP%5C-CVS%5C%5D+cvs%5C%3A+php%5C-src%5C%28PHP_5_2%5C%29+%5C%2Fext%5C%2Fgd+gd.c++%5C%2Fext%5C%2Fgd%5C%2Flibgd+gd_png.c++%5C%2Fext%5C%2Fgd%5C%2Ftests+bug39780.phpt+bug39780.png%22&o=newest){kind=link}
