php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37360 imageCreateFromGIF have a memory-leak bug
Submitted: 2006-05-08 05:40 UTC Modified: 2006-05-08 11:58 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: cnteacher at discuz dot com Assigned: pajoye
Status: Closed Package: GD related
PHP Version: 5CVS-2006-05-08 (snap) OS: win32/*nix
Private report: No CVE-ID:
 [2006-05-08 05:40 UTC] cnteacher at discuz dot com
Description:
------------
When I use the function 'imageCreateFromGIF' with some special images (GIF), the memory will be ran out. I test it with all GD version (above 2.0.28).

Reproduce code:
---------------
$file = 'specialimg.gif';
$im = imagecreatefromgif($file); 

Expected result:
----------------
the memory ran out, and my web server is down.

Actual result:
--------------
I put the special gif file on my friend's web, you can download it from http://www.freediscuz.net/specialgif.zip.
I think some one can use this bug to attack web server. It's so danger.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-08 05:44 UTC] cnteacher at discuz dot com
The test gif url

http://www.freediscuz.net/tools/specialgif.zip
 [2006-05-08 05:59 UTC] cnteacher at discuz dot com
Sorry.

If you get an Forbidden error,

you must visit www.freediscuz.net first, and than type the file's url in brower.
 [2006-05-08 08:16 UTC] judas dot iscariote at gmail dot com
duplicated of http://bugs.php.net/bug.php?id=37346

already fixed in CVS
 [2006-05-08 08:19 UTC] derick@php.net
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Thank you for your interest in PHP.

Dup of bug #37346
 [2006-05-08 08:36 UTC] cnteacher at discuz dot com
I regret that you see it like that.

Did you have a test of my file?

I've already read bug #37346 , and got the newest version GD from http://snaps.php.net/ ( Stable 5.2.x-dev Built On: May 08, 2006 06:30 GMT ). But, when I test it with the special file, my server was down.
 [2006-05-08 11:58 UTC] pajoye@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

All branches contain the fix.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 21:01:55 2014 UTC