php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

Patch 0003-Fix-DOS-vulnerability-in-gdImageCreateFromGd2Ctx.patch for GD related Bug #73868

Patch version 2017-01-05 10:31 UTC

Return to Bug #73868 | Download this patch
This patch is obsolete

Obsoleted by patches:

Patch Revisions:

Developer: ondrej

From 6b14e712913b43cf93bb0e7d7d91425b8ba809dc Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Tue, 16 Aug 2016 18:23:36 +0200
Subject: [PATCH 3/4] Fix DOS vulnerability in gdImageCreateFromGd2Ctx()

We must not pretend that there are image data if there are none. Instead
we fail reading the image file gracefully.

Conflicts:
	tests/gd2/CMakeLists.txt
---
 ext/gd/libgd/gd_gd2.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ext/gd/libgd/gd_gd2.c b/ext/gd/libgd/gd_gd2.c
index d06f328..4a752d3 100644
--- a/ext/gd/libgd/gd_gd2.c
+++ b/ext/gd/libgd/gd_gd2.c
@@ -340,12 +340,16 @@ gdImagePtr gdImageCreateFromGd2Ctx (gdIOCtxPtr in)
 					for (x = xlo; x < xhi; x++) {
 						if (im->trueColor) {
 							if (!gdGetInt(&im->tpixels[y][x], in)) {
-								im->tpixels[y][x] = 0;
+								gd_error("gd2: EOF while reading\n");
+								gdImageDestroy(im);
+								return NULL;
 							}
 						} else {
 							int ch;
 							if (!gdGetByte(&ch, in)) {
-								ch = 0;
+								gd_error("gd2: EOF while reading\n");
+								gdImageDestroy(im);
+								return NULL;
 							}
 							im->pixels[y][x] = ch;
 						}
-- 
2.1.4

 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Thu Jul 20 20:01:42 2017 UTC