mirror of
https://github.com/php/php-src.git
synced 2025-08-18 15:08:55 +02:00
Fix segfault and potential security issue in imagerotate().
This commit is contained in:
Scott MacVicar
parent
d3ec4e3630
commit
29ab16ee67
2 changed files with 33 additions and 1 deletions
|
|
@ -3129,7 +3129,7 @@ gdImagePtr gdImageRotate (gdImagePtr src, double dAngle, int clrBack, int ignore
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if (!gdImageTrueColor(src) && clrBack>=gdImageColorsTotal(src)) {
|
||||
if (!gdImageTrueColor(src) && (clrBack < 0 || clrBack>=gdImageColorsTotal(src))) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
|
|
|||
32
ext/gd/tests/imagerotate_overflow.phpt
Normal file
32
ext/gd/tests/imagerotate_overflow.phpt
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
--TEST--
|
||||
imagerotate() overflow with negative numbers
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (!extension_loaded('gd')) {
|
||||
die("skip gd extension not available.");
|
||||
}
|
||||
|
||||
if (!function_exists('imagerotate')) {
|
||||
die("skip imagerotate() not available.");
|
||||
}
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
$im = imagecreate(10, 10);
|
||||
|
||||
$tmp = imagerotate ($im, 5, -9999999);
|
||||
|
||||
var_dump($tmp);
|
||||
|
||||
if ($tmp) {
|
||||
imagedestroy($tmp);
|
||||
}
|
||||
|
||||
if ($im) {
|
||||
imagedestroy($im);
|
||||
}
|
||||
|
||||
?>
|
||||
--EXPECT--
|
||||
bool(false)
|
||||
Loading…
Add table
Add a link
Reference in a new issue