PHP :: Bug #73957 :: signed integer conversion in imagescale()

Bug #73957

signed integer conversion in imagescale()

Submitted:

2017-01-18 19:11 UTC

Modified:

2017-01-18 19:12 UTC

Votes:	2
Avg. Score:	2.0 ± 1.0
Reproduced:	1 of 2 (50.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

cmb@php.net

Assigned:

cmb (profile)

Status:

Closed

Package:

GD related

PHP Version:

7.0.15RC1

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	cmb@php.net
New email:
PHP Version:		OS:

New Comment:

[2017-01-18 19:11 UTC] cmb@php.net

Description:
------------
The int parameters given to imagescale() are converted from
zend_long to int without checking their range[1]. This allows for
silent truncation, and even worse, the result of signed integer
conversion is unspecified if the value cannot be represented by
the target type.

[1] <https://github.com/php/php-src/blob/PHP-7.0.15/ext/gd/gd.c#L4691-L4725>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-01-18 19:12 UTC] cmb@php.net

-Assigned To: +Assigned To: cmb

[2018-03-09 23:38 UTC] cmb@php.net

Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f1b358c9a928e28e58bb23c5d5baa723df4638e0
Log: Fix #73957: signed integer conversion in imagescale()

[2018-03-09 23:38 UTC] cmb@php.net

-Status: Assigned +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 15:01:30 2024 UTC