php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #37346 gd have a danger bug
Submitted: 2006-05-07 06:42 UTC Modified: 2006-05-07 17:23 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:4 of 4 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: zq dot hkrcn at gmail dot com Assigned: pajoye (profile)
Status: Closed Package: GD related
PHP Version: 5.1.4 OS: Windows 2000
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: zq dot hkrcn at gmail dot com
New email:
PHP Version: OS:

 

 [2006-05-07 06:42 UTC] zq dot hkrcn at gmail dot com 
Description:
------------
gd (ver 2.0.28) have a danger bug

a error image can pass php's test
but it would make a fatal error

other question:Could you tell me if you deal with bug report in Chinese?

i'm chinese
my english is very poor
here's the bug report in Chinese:

当有恶意的用户提交一个错误的图像文件
这个文件的文件头是正确的,但主体是错误的,没有结束
提交上去以后,就会引起 php 的致命错误
www 服务会停止

另外问一下:用中文报告会不会处理的?

Reproduce code:
---------------
<?php
$file = 'http://dev.hkrcn.com/testimg.gif';
$im = imagecreatefromgif($file);  // here a fatal error

Expected result:
----------------
cause a error,then stop running

Actual result:
--------------
memory-leak

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-07 06:51 UTC] cnstudentmail at Gmail dot com 
i have the same problem.
i think it's a very danger bug because a lots of server is using gd.
 [2006-05-07 10:03 UTC] derick@php.net 
We really need a report in english... many people here don't speak any chinese.
 [2006-05-07 12:50 UTC] pajoye@php.net 
I confirmed the problem, but there is in fact no error messages from php.
 [2006-05-07 17:23 UTC] pajoye@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in all branches.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Dec 04 07:01:31 2024 UTC