php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #37346 gd have a danger bug
Submitted: 2006-05-07 06:42 UTC Modified: 2006-05-07 17:23 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:4 of 4 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: zq dot hkrcn at gmail dot com Assigned: pajoye (profile)
Status: Closed Package: GD related
PHP Version: 5.1.4 OS: Windows 2000
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2006-05-07 06:42 UTC] zq dot hkrcn at gmail dot com 
Description:
------------
gd (ver 2.0.28) have a danger bug

a error image can pass php's test
but it would make a fatal error

other question:Could you tell me if you deal with bug report in Chinese?

i'm chinese
my english is very poor
here's the bug report in Chinese:

当有恶意的用户提交一个错误的图像文件
这个文件的文件头是正确的,但主体是错误的,没有结束
提交上去以后,就会引起 php 的致命错误
www 服务会停止

另外问一下:用中文报告会不会处理的?

Reproduce code:
---------------
<?php
$file = 'http://dev.hkrcn.com/testimg.gif';
$im = imagecreatefromgif($file);  // here a fatal error

Expected result:
----------------
cause a error,then stop running

Actual result:
--------------
memory-leak

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-07 06:51 UTC] cnstudentmail at Gmail dot com 
i have the same problem.
i think it's a very danger bug because a lots of server is using gd.
 [2006-05-07 10:03 UTC] derick@php.net 
We really need a report in english... many people here don't speak any chinese.
 [2006-05-07 12:50 UTC] pajoye@php.net 
I confirmed the problem, but there is in fact no error messages from php.
 [2006-05-07 17:23 UTC] pajoye@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in all branches.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 23 10:01:29 2024 UTC