Fix bug #72730 - imagegammacorrect allows arbitrary write access

author: Stanislav Malyshev <stas@php.net> 2016-08-10 00:14:58 -0700
committer: Stanislav Malyshev <stas@php.net> 2016-08-16 22:55:40 -0700
commit: 1bd103df00f49cf4d4ade2cfe3f456ac058a4eae (patch)
tree: c8b65f7721f11f7e808edcc7235079ba22c6490b /ext/gd/gd.c
parent: a3598dd7c9b182debcb54b9322b1dece14c9b533 (diff)
download: php-git-1bd103df00f49cf4d4ade2cfe3f456ac058a4eae.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index 5c604b7a80..0fb9604108 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -3082,6 +3082,11 @@ PHP_FUNCTION(imagegammacorrect)
 		return;
 	}
 
+	if ( input <= 0.0 || output <= 0.0 ) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Gamma values should be positive");
+		RETURN_FALSE;
+	}
+
 	ZEND_FETCH_RESOURCE(im, gdImagePtr, &IM, -1, "Image", le_gd);
 
 	if (gdImageTrueColor(im))	{
author	Stanislav Malyshev <stas@php.net>	2016-08-10 00:14:58 -0700
committer	Stanislav Malyshev <stas@php.net>	2016-08-16 22:55:40 -0700
commit	1bd103df00f49cf4d4ade2cfe3f456ac058a4eae (patch)
tree	c8b65f7721f11f7e808edcc7235079ba22c6490b /ext/gd/gd.c
parent	a3598dd7c9b182debcb54b9322b1dece14c9b533 (diff)
download	php-git-1bd103df00f49cf4d4ade2cfe3f456ac058a4eae.tar.gz