mattias Thu Aug 9 14:22:38 2007 UTC Modified files: /php-src/ext/gd/libgd gd_gd.c /php-src/ext/gd/tests libgd00101.phpt libgd00101.gd Log: -MFB: libgd #101, imagecreatefromgd can crash if gdImageCreate fails http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gd.c?r1=1.8&r2=1.9&diff_format=u Index: php-src/ext/gd/libgd/gd_gd.c diff -u php-src/ext/gd/libgd/gd_gd.c:1.8 php-src/ext/gd/libgd/gd_gd.c:1.9 --- php-src/ext/gd/libgd/gd_gd.c:1.8 Mon Mar 29 18:20:33 2004 +++ php-src/ext/gd/libgd/gd_gd.c Thu Aug 9 14:22:38 2007 @@ -122,6 +122,9 @@ } else { im = gdImageCreate(*sx, *sy); } + if(!im) { + goto fail1; + } if (!_gdGetColors(in, im, gd2xFlag)) { goto fail2; } http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00101.phpt?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/gd/tests/libgd00101.phpt diff -u /dev/null php-src/ext/gd/tests/libgd00101.phpt:1.2 --- /dev/null Thu Aug 9 14:22:38 2007 +++ php-src/ext/gd/tests/libgd00101.phpt Thu Aug 9 14:22:38 2007 @@ -0,0 +1,18 @@ +--TEST-- +libgd #101 (imagecreatefromgd can crash if gdImageCreate fails) +--SKIPIF-- +<?php + if (!extension_loaded('gd')) die("skip gd extension not available\n"); + if (!GD_BUNDLED) die("skip requires bundled GD library\n"); +?> +--FILE-- +<?php +$im = imagecreatefromgd(dirname(__FILE__) . '/libgd00101.gd'); +var_dump($im); +?> +--EXPECTF-- +Warning: imagecreatefromgd(): gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully + in %slibgd00101.php on line %d + +Warning: imagecreatefromgd(): '%slibgd00101.gd' is not a valid GD file in %slibgd00101.php on line %d +bool(false) http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00101.gd?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/gd/tests/libgd00101.gd diff -u /dev/null php-src/ext/gd/tests/libgd00101.gd:1.2 --- /dev/null Thu Aug 9 14:22:38 2007 +++ php-src/ext/gd/tests/libgd00101.gd Thu Aug 9 14:22:38 2007 @@ -0,0 +1 @@ +ÿýÿý \ No newline at end of file
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php