From 96e42403d5e5e3e9c39522bda3017b03a8fe2ebc Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Sun, 19 Jul 2015 17:32:53 +0200 Subject: [PATCH] Fix #66590: imagewebp() doesn't pad to even length The code in the bundled libgd uses libvpx and writes the riff manually. The code generates the correct even size, but neglects the padding. It's possible older versions of libwebp would decode this, but libwebp 0.4.0 does not. Let's apply the patch supplied by one of the WebP developers. --- ext/gd/libgd/webpimg.c | 13 +++++++++++++ ext/gd/tests/bug66590.phpt | 27 +++++++++++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 ext/gd/tests/bug66590.phpt diff --git a/ext/gd/libgd/webpimg.c b/ext/gd/libgd/webpimg.c index 4962c22e6c9..1b160232f20 100644 --- a/ext/gd/libgd/webpimg.c +++ b/ext/gd/libgd/webpimg.c @@ -779,6 +779,19 @@ WebPResult WebPEncode(const uint8* Y, (chunk_size >> 24) & 255 }; memcpy(*p_out, kRiffHeader, kRiffHeaderSize); + if (img_size_bytes & 1) { /* write a padding byte */ + const int new_size = *p_out_size_bytes + 1; + unsigned char* p = (unsigned char*)realloc(*p_out, new_size); + if (p == NULL) { + free(*p_out); + *p_out = NULL; + *p_out_size_bytes = 0; + return webp_failure; + } + p[new_size - 1] = 0; + *p_out_size_bytes = new_size; + } + if (psnr) { *psnr = WebPGetPSNR(Y, U, V, *p_out, *p_out_size_bytes); } diff --git a/ext/gd/tests/bug66590.phpt b/ext/gd/tests/bug66590.phpt new file mode 100644 index 00000000000..a3c5409d6b5 --- /dev/null +++ b/ext/gd/tests/bug66590.phpt @@ -0,0 +1,27 @@ +--TEST-- +Bug #66590 (imagewebp() doesn't pad to even length) +--SKIPIF-- + +--FILE-- + +--CLEAN-- + +--EXPECT-- +bool(true)