[PHP-CVS] cvs: php-src /ext/gd/libgd gd_gd.c /ext/gd/tests libgd00101.gd libgd00101.phpt

Thu, 09 Aug 2007 07:22:49 -0700 

mattias         Thu Aug  9 14:22:38 2007 UTC

  Modified files:              
    /php-src/ext/gd/libgd       gd_gd.c 
    /php-src/ext/gd/tests       libgd00101.phpt libgd00101.gd 
  Log:
  -MFB: libgd #101, imagecreatefromgd can crash if gdImageCreate fails
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gd.c?r1=1.8&r2=1.9&diff_format=u
Index: php-src/ext/gd/libgd/gd_gd.c
diff -u php-src/ext/gd/libgd/gd_gd.c:1.8 php-src/ext/gd/libgd/gd_gd.c:1.9
--- php-src/ext/gd/libgd/gd_gd.c:1.8    Mon Mar 29 18:20:33 2004
+++ php-src/ext/gd/libgd/gd_gd.c        Thu Aug  9 14:22:38 2007
@@ -122,6 +122,9 @@
        } else {
                im = gdImageCreate(*sx, *sy);
        }
+       if(!im) {
+               goto fail1;
+       }
        if (!_gdGetColors(in, im, gd2xFlag)) {
                goto fail2;
        }
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00101.phpt?r1=1.1&r2=1.2&diff_format=u
Index: php-src/ext/gd/tests/libgd00101.phpt
diff -u /dev/null php-src/ext/gd/tests/libgd00101.phpt:1.2
--- /dev/null   Thu Aug  9 14:22:38 2007
+++ php-src/ext/gd/tests/libgd00101.phpt        Thu Aug  9 14:22:38 2007
@@ -0,0 +1,18 @@
+--TEST--
+libgd #101 (imagecreatefromgd can crash if gdImageCreate fails)
+--SKIPIF--
+<?php
+       if (!extension_loaded('gd')) die("skip gd extension not available\n");
+       if (!GD_BUNDLED) die("skip requires bundled GD library\n");
+?>
+--FILE--
+<?php
+$im = imagecreatefromgd(dirname(__FILE__) . '/libgd00101.gd');
+var_dump($im);
+?>
+--EXPECTF--
+Warning: imagecreatefromgd(): gd warning: product of memory allocation 
multiplication would exceed INT_MAX, failing operation gracefully
+ in %slibgd00101.php on line %d
+
+Warning: imagecreatefromgd(): '%slibgd00101.gd' is not a valid GD file in 
%slibgd00101.php on line %d
+bool(false)
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00101.gd?r1=1.1&r2=1.2&diff_format=u
Index: php-src/ext/gd/tests/libgd00101.gd
diff -u /dev/null php-src/ext/gd/tests/libgd00101.gd:1.2
--- /dev/null   Thu Aug  9 14:22:38 2007
+++ php-src/ext/gd/tests/libgd00101.gd  Thu Aug  9 14:22:38 2007
@@ -0,0 +1 @@
+ÿýÿý
\ No newline at end of file

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to