diff options
author | Pierre Joye <pierre.php@gmail.com> | 2016-07-19 14:45:56 +0700 |
---|---|---|
committer | Pierre Joye <pierre.php@gmail.com> | 2016-07-19 14:45:56 +0700 |
commit | 0dd40abd6d5b3e53a6b745dd4d6cf94b70010989 (patch) | |
tree | 8e67ed82970f912c483f3cc46c1ee3804b04abec /tests/gdimagescale | |
parent | d5ed6e9254576f840d3c1c8aa312559019126ba6 (diff) | |
download | libgd-0dd40abd6d5b3e53a6b745dd4d6cf94b70010989.tar.gz |
fix possible OOB or OOM in gdImageScale, reported by Secunia (CVE 2016-6207)
Diffstat (limited to 'tests/gdimagescale')
-rw-r--r-- | tests/gdimagescale/CMakeLists.txt | 1 | ||||
-rw-r--r-- | tests/gdimagescale/Makemodule.am | 3 | ||||
-rw-r--r-- | tests/gdimagescale/bug_overflow_large_new_size.c | 31 |
3 files changed, 34 insertions, 1 deletions
diff --git a/tests/gdimagescale/CMakeLists.txt b/tests/gdimagescale/CMakeLists.txt index 4e1a4fb..f5ebf2e 100644 --- a/tests/gdimagescale/CMakeLists.txt +++ b/tests/gdimagescale/CMakeLists.txt @@ -1,5 +1,6 @@ LIST(APPEND TESTS_FILES github_bug_00218 + bug_overflow_large_new_size ) ADD_GD_TESTS() diff --git a/tests/gdimagescale/Makemodule.am b/tests/gdimagescale/Makemodule.am index dacabe7..23b8924 100644 --- a/tests/gdimagescale/Makemodule.am +++ b/tests/gdimagescale/Makemodule.am @@ -1,6 +1,7 @@ libgd_test_programs += \ - gdimagescale/github_bug_00218 + gdimagescale/github_bug_00218 \ + gdimagescale/bug_overflow_large_new_size EXTRA_DIST += \ gdimagescale/CMakeLists.txt diff --git a/tests/gdimagescale/bug_overflow_large_new_size.c b/tests/gdimagescale/bug_overflow_large_new_size.c new file mode 100644 index 0000000..0a8503b --- /dev/null +++ b/tests/gdimagescale/bug_overflow_large_new_size.c @@ -0,0 +1,31 @@ +#include <stdio.h> +#include <stdlib.h> +#include "gd.h" +#include <math.h> + +#include "gdtest.h" + +int main() +{ + gdImagePtr im, im2; + + im = gdImageCreate(1,1); + if (im == NULL) { + printf("gdImageCreate failed\n"); + return 1; + } + gdImageSetInterpolationMethod(im, GD_BELL); + + /* here the call may pass if the system has enough memory (physical or swap) + or fails (overflow check or alloc fails. + in both cases the tests pass */ + im2 = gdImageScale(im,0x15555556, 1); + if (im2 == NULL) { + printf("gdImageScale failed, expected (out of memory or overflow validation\n"); + return 0; + } + gdImageDestroy(im); + gdImageDestroy(im2); + + return 0; +} |