diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2016-08-16 18:23:36 +0200 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2016-12-13 15:33:42 +0100 |
| commit | fe9ed49dafa993e3af96b6a5a589efeea9bfb36f (patch) | |
| tree | 96e1870f69de8975d3fc6c2407807c075059a70b /tests | |
| parent | 60bfb401ad5a4a8ae995dcd36372fe15c71e1a35 (diff) | |
| download | libgd-fe9ed49dafa993e3af96b6a5a589efeea9bfb36f.tar.gz | |
Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
We must not pretend that there are image data if there are none. Instead
we fail reading the image file gracefully.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/gd2/.gitignore | 1 | ||||
| -rw-r--r-- | tests/gd2/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | tests/gd2/Makemodule.am | 7 | ||||
| -rw-r--r-- | tests/gd2/too_few_image_data.c | 22 | ||||
| -rw-r--r-- | tests/gd2/too_few_image_data.gd2 | bin | 0 -> 1050 bytes |
5 files changed, 29 insertions, 2 deletions
diff --git a/tests/gd2/.gitignore b/tests/gd2/.gitignore index 136a2d5..39d8bf4 100644 --- a/tests/gd2/.gitignore +++ b/tests/gd2/.gitignore @@ -6,3 +6,4 @@ /gd2_read /gd2_read_corrupt /php_bug_72339 +/too_few_image_data diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt index 8fcc906..5a61d11 100644 --- a/tests/gd2/CMakeLists.txt +++ b/tests/gd2/CMakeLists.txt @@ -7,6 +7,7 @@ LIST(APPEND TESTS_FILES php_bug_72339 gd2_read gd2_read_corrupt + too_few_image_data ) ADD_GD_TESTS() diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am index d69aee0..c1fbf44 100644 --- a/tests/gd2/Makemodule.am +++ b/tests/gd2/Makemodule.am @@ -3,7 +3,8 @@ libgd_test_programs += \ gd2/bug00309 \ gd2/gd2_empty_file \ gd2/php_bug_72339 \ - gd2/gd2_read_corrupt + gd2/gd2_read_corrupt \ + gd2/too_few_image_data if HAVE_LIBZ libgd_test_programs += \ @@ -23,4 +24,6 @@ EXTRA_DIST += \ gd2/conv_test_exp.png \ gd2/empty.gd2 \ gd2/invalid_header.gd2 \ - gd2/invalid_neg_size.gd2 + gd2/invalid_neg_size.gd2 \ + gd2/php_bug_72339_exp.gd2 \ + gd2/too_few_image_data.gd2 diff --git a/tests/gd2/too_few_image_data.c b/tests/gd2/too_few_image_data.c new file mode 100644 index 0000000..3153a08 --- /dev/null +++ b/tests/gd2/too_few_image_data.c @@ -0,0 +1,22 @@ +/* +too_few_image_data.gd2 claims to have a size of 12336x48 pixels, but doesn't +provide as much image data. We test that gdImageCreateFromGd2Ctx() returns NULL +in this case. +*/ + +#include "gd.h" +#include "gdtest.h" + +int main() +{ + gdImagePtr im; + FILE *fp; + + fp = gdTestFileOpen2("gd2", "too_few_image_data.gd2"); + gdTestAssert(fp != NULL); + im = gdImageCreateFromGd2(fp); + gdTestAssert(im == NULL); + fclose(fp); + + return gdNumFailures(); +} diff --git a/tests/gd2/too_few_image_data.gd2 b/tests/gd2/too_few_image_data.gd2 Binary files differnew file mode 100644 index 0000000..1c797d1 --- /dev/null +++ b/tests/gd2/too_few_image_data.gd2 |