mirror of
https://github.com/php/php-src.git
synced 2025-08-18 15:08:55 +02:00
Fix segfault and potential security issue in imagerotate().
This commit is contained in:
Scott MacVicar
parent
d3ec4e3630
commit
29ab16ee67
2 changed files with 33 additions and 1 deletions
|
|
@ -3129,7 +3129,7 @@ gdImagePtr gdImageRotate (gdImagePtr src, double dAngle, int clrBack, int ignore
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) {
|
if (!gdImageTrueColor(src) && (clrBack < 0 || clrBack>=gdImageColorsTotal(src))) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
32
ext/gd/tests/imagerotate_overflow.phpt
Normal file
32
ext/gd/tests/imagerotate_overflow.phpt
Normal file
|
|
@ -0,0 +1,32 @@
|
||||||
|
--TEST--
|
||||||
|
imagerotate() overflow with negative numbers
|
||||||
|
--SKIPIF--
|
||||||
|
<?php
|
||||||
|
if (!extension_loaded('gd')) {
|
||||||
|
die("skip gd extension not available.");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!function_exists('imagerotate')) {
|
||||||
|
die("skip imagerotate() not available.");
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
--FILE--
|
||||||
|
<?php
|
||||||
|
|
||||||
|
$im = imagecreate(10, 10);
|
||||||
|
|
||||||
|
$tmp = imagerotate ($im, 5, -9999999);
|
||||||
|
|
||||||
|
var_dump($tmp);
|
||||||
|
|
||||||
|
if ($tmp) {
|
||||||
|
imagedestroy($tmp);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($im) {
|
||||||
|
imagedestroy($im);
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
--EXPECT--
|
||||||
|
bool(false)
|
||||||
Loading…
Add table
Add a link
Reference in a new issue