php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #66901
Patch bug66901-fix.patch revision 2014-04-01 21:03 UTC by mejiaa at amazon dot com

Patch bug66901-fix.patch for GD related Bug #66901

Patch version 2014-04-01 21:03 UTC

Return to Bug #66901 | Download this patch
Patch Revisions:

Developer: mejiaa@amazon.com

Description: Patch to fix PHP bug 66901.
Author: Andres Mejia <mejiaa@amazon.com>
Forwarded: no

--- a/ext/gd/libgd/gdxpm.c
+++ b/ext/gd/libgd/gdxpm.c
@@ -39,6 +39,13 @@
 	number = image.ncolors;
 	colors = (int *) safe_emalloc(number, sizeof(int), 0);
 	for (i = 0; i < number; i++) {
+		if (!image.colorTable[i].c_color)
+		{
+			/* unsupported color key or color key not defined */
+			gdImageDestroy(im);
+			im = 0;
+			goto done;
+		}
 		switch (strlen (image.colorTable[i].c_color)) {
 			case 4:
 				buf[1] = '\0';
@@ -125,8 +132,8 @@
 		}
 	}
 
-	gdFree(colors);
  done:
+	gdFree(colors);
 	XpmFreeXpmImage(&image);
 	XpmFreeXpmInfo(&info);
 	return im;
--- /dev/null
+++ b/ext/gd/tests/bug66901.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #66901 (php-gd 'c_color' NULL pointer dereference)
+--SKIPIF--
+<?php
+  if (!extension_loaded('gd')) die("skip gd extension not available\n");
+  if (!function_exists("imagecreatefromxpm")) die("skip xpm read support unavailable");
+?>
+--FILE--
+<?php
+$xpm = @imagecreatefromxpm(dirname(__FILE__) . "/bug66901.xpm");
+var_dump($xpm);
+print "OK";
+?>
+--EXPECTF--
+bool(false)
+OK
--- /dev/null
+++ b/ext/gd/tests/bug66901.xpm
@@ -0,0 +1,20 @@
+/* XPM */
+static char * XFACE[] = {
+/* <Values> */
+/* <width/cols> <height/rows> <colors> <char on pixel>*/
+"48 4 6 1",
+/* <Colors> */
+"a c #FFFFFF " /* "0" */,
+"b c #CCCCCC " /* "0.0399" */,
+"c c #999999 " /* "0.0798" */,
+"d m #666666 " /* "0.12" NOTE: this is monochrome/monovisual */,
+"e c #333333 " /* "0.16" */,
+"f c #000000 " /* "0.2" */,
+/* x-axis: 0 40 80 120 160 200 240 280 320 360 400 440 480 */
+/* y-axis: 0 40 80 120 160 200 240 280 320 360 400 440 480 */
+/* <Pixels> */
+"abaabaababaaabaabababaabaabaababaabaaababaabaaab",
+"abaabaababaaabaabababaabaabaababaabaaababaabaaab",
+"abaabaababaaabaabababaabaabaababaabaaababaabaaab",
+"abaabaababaaabaabababaabaabaababaabaaababaabaaab"
+};
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Sep 28 18:01:25 2020 UTC