php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73213 Integer overflow in imageline() with antialiasing
Submitted: 2016-09-30 20:52 UTC Modified: 2016-09-30 20:52 UTC
From: cmb@php.net Assigned: cmb
Status: Closed Package: GD related
PHP Version: 5.6.26 OS: 32bit,LLP64
Private report: No CVE-ID:
 [2016-09-30 20:52 UTC] cmb@php.net
Description:
------------
Drawing very large antialised lines causes integer overflows in
gdImageAALine(), what can lead to strange results and even
crashes.

This issue had been reported upstream as
<https://github.com/libgd/libgd/issues/5> and fixed, but the fix
didn't yet make it to PHP's bundled libgd.


Test script:
---------------
<?php

$im = imagecreatetruecolor(32768, 1);
$black = imagecolorallocate($im, 0, 0, 0);
imageantialias($im, true);

imageline($im, 0,0, 32767,0, $black);

imagepng($im, __DIR__ . DIRECTORY_SEPARATOR . 'aa-bug.png');


Expected result:
----------------
A PNG image with a line.

Actual result:
--------------
PHP crashes.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-30 20:52 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2016-09-30 22:08 UTC] cmb@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9acfb1a3a5268febb123b7e5fbd4eaf072c83537
Log: Fix #73213: Integer overflow in imageline() with antialiasing
 [2016-09-30 22:08 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2016-10-17 10:07 UTC] bwoebi@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9acfb1a3a5268febb123b7e5fbd4eaf072c83537
Log: Fix #73213: Integer overflow in imageline() with antialiasing
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC