Patch 0003-Fix-DOS-vulnerability-in-gdImageCreateFromGd2Ctx.patch for GD related Bug #73868
Patch version 2017-01-05 10:31 UTC
This patch is obsolete
Developer: ondrej
From 6b14e712913b43cf93bb0e7d7d91425b8ba809dc Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Tue, 16 Aug 2016 18:23:36 +0200
Subject: [PATCH 3/4] Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
We must not pretend that there are image data if there are none. Instead
we fail reading the image file gracefully.
Conflicts:
tests/gd2/CMakeLists.txt
---
ext/gd/libgd/gd_gd2.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/ext/gd/libgd/gd_gd2.c b/ext/gd/libgd/gd_gd2.c
index d06f328..4a752d3 100644
--- a/ext/gd/libgd/gd_gd2.c
+++ b/ext/gd/libgd/gd_gd2.c
@@ -340,12 +340,16 @@ gdImagePtr gdImageCreateFromGd2Ctx (gdIOCtxPtr in)
for (x = xlo; x < xhi; x++) {
if (im->trueColor) {
if (!gdGetInt(&im->tpixels[y][x], in)) {
- im->tpixels[y][x] = 0;
+ gd_error("gd2: EOF while reading\n");
+ gdImageDestroy(im);
+ return NULL;
}
} else {
int ch;
if (!gdGetByte(&ch, in)) {
- ch = 0;
+ gd_error("gd2: EOF while reading\n");
+ gdImageDestroy(im);
+ return NULL;
}
im->pixels[y][x] = ch;
}
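Review bot: both new failure branches in the pixel-read loop (after `gdGetInt` and after `gdGetByte`) release only `im` before `return NULL`, and they leave the function from inside the nested `x` loop, so any cleanup that follows the loop is skipped. The hunk does not show whether other buffers allocated earlier in gdImageCreateFromGd2Ctx() are still live at this point. Please confirm there are none, or jump to the function's shared failure path instead of returning here, which would also remove the duplicated three lines. The message "gd2: EOF while reading" is emitted for any short read and gives no position; adding the x/y coordinates would help triage of malformed files. The diffstat lists only gd_gd2.c although the commit message mentions a conflict in tests/gd2/CMakeLists.txt, so this backport carries no regression test; a truncated .gd2 file that must make the loader return NULL should accompany it.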
--
2.1.4