diff --git a/NEWS b/NEWS index b005320f61d..c175cd37371 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,10 @@ PHP NEWS . Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c). (nielsdos) +- GD: + . Fixed bug 16232 (bitshift overflow on wbmp file content reading / + fix backport from upstream). (David Carlier) + - LDAP: . Fixed bug GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch()). (Girgias) diff --git a/ext/gd/libgd/wbmp.c b/ext/gd/libgd/wbmp.c index 4c3eeee7df8..dbca0f0178c 100644 --- a/ext/gd/libgd/wbmp.c +++ b/ext/gd/libgd/wbmp.c @@ -37,7 +37,8 @@ int getmbi (int (*getin) (void *in), void *in) { - int i, mbi = 0; + unsigned int mbi = 0; + int i; do { diff --git a/ext/gd/tests/gh16232.phpt b/ext/gd/tests/gh16232.phpt new file mode 100644 index 00000000000..7f839d737bb --- /dev/null +++ b/ext/gd/tests/gh16232.phpt @@ -0,0 +1,27 @@ +--TEST-- +GH-16232 (Overflow on reading wbmp content) +--EXTENSIONS-- +gd +--FILE-- +