|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2017-01-09 17:14 UTC] cmb@php.net
-Assigned To:
+Assigned To: cmb
[2017-01-10 18:21 UTC] cmb@php.net
-Type: Security
+Type: Bug
-PHP Version: 7.1.0
+PHP Version: 7.0.14
[2017-01-10 18:21 UTC] cmb@php.net
[2017-01-10 19:03 UTC] cmb@php.net
[2017-01-10 19:03 UTC] cmb@php.net
-Status: Assigned
+Status: Closed
[2017-01-10 19:15 UTC] cmb@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 06 00:00:02 2025 UTC |
Description: ------------ I find a hidden danger of death cycle in a function of gd:gdImageRotate in the file gd_rotate.c. Although from the version 5.5.0 the function is changed to another function:gdImageRotateInterpolated(not for the reason I proposed),but the original is not deleted.So,I think it is a hidden danger of death cycle. while (dAngle >= 360.0) { dAngle -= 360.0; } dAngle is a double.When it is assigned a large floating point number e.g:1e20,the function goes to a death cycle because 1e20-360.0=1e20! The following script only goes wrong in the version before 5.5.0.But I still think it is a hidden danger since the function gd:gdImageRotate is not deleted. Test script: --------------- <?php // File and rotation $filename = 'dog.jpg'; $angle = 2e30; $im = imagecreatefromjpeg($filename); // Content type header('Content-type: image/jpeg'); // Load $source = imagecreatefromjpeg($filename); // Rotate $rotate = imagerotate($source, $angle, 0); // Output imagejpeg($rotate,'dogrotate.jpg'); imagejpeg($source); ?> Expected result: ---------------- Rotate the image with right angle. Actual result: -------------- death cycle