diff options
author | Ilia Alshanetsky <iliaa@php.net> | 2004-07-30 01:10:46 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2004-07-30 01:10:46 +0000 |
commit | ef6cfdbec3d862b12bc407e0e528f2daf3f0e14b (patch) | |
tree | 13354a5f718e14877573a31d569a7a0ec8808a28 | |
parent | 00f869c0a77f666523342071dc1bae6026f03feb (diff) | |
download | php-git-ef6cfdbec3d862b12bc407e0e528f2daf3f0e14b.tar.gz |
MFH: Fixed bug #29443 (Sanity check for wbmp detection).
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | ext/standard/image.c | 5 |
2 files changed, 6 insertions, 0 deletions
@@ -4,6 +4,7 @@ PHP 4 NEWS - Updated PCRE to provide better error handling in certain cases. (Andrei) - NSAPI: added "bucket" parameter to list of non-php.ini-keys of php4_execute for doing performance stats without warnings in server-log. (Uwe Schindler) +- Fixed bug #29443 (Sanity check for wbmp detection). (Ilia) - Fixed bug #29369 (Uploaded files with ' or " in their names get their names truncated at those characters). (Ilia) - Fixed bug #29349 (imagecreatefromstring() crashes with external GD library). diff --git a/ext/standard/image.c b/ext/standard/image.c index cef34dd8d1..b0782e3780 100644 --- a/ext/standard/image.c +++ b/ext/standard/image.c @@ -940,6 +940,11 @@ static int php_get_wbmp(php_stream *stream, struct gfxinfo **result, int check T } height = (height << 7) | (i & 0x7f); } while (i & 0x80); + + /* maximum valid sizes for wbmp (although 127x127 may be a more accurate one) */ + if (height > 2048 || width > 2048) { + return 0; + } if (!check) { (*result)->width = width; |