diff options
author | Xinchen Hui <laruence@gmail.com> | 2016-08-17 17:14:30 +0800 |
---|---|---|
committer | Xinchen Hui <laruence@gmail.com> | 2016-08-17 17:14:30 +0800 |
commit | ce6ad9bdd96dd3702ef248e5e364400402620dbc (patch) | |
tree | e4568a0b9239c67999fccb6f75f935a37419f5c7 /ext/gd/gd.c | |
parent | e47773b6266a8bb6d39af7f3ed5630c4698c2f76 (diff) | |
parent | 1dab8e07f2e14221f534202e7d0c03600b3259eb (diff) | |
download | php-git-ce6ad9bdd96dd3702ef248e5e364400402620dbc.tar.gz |
Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0: (48 commits)
Update NEWs
Unused label
Fixed bug #72853 (stream_set_blocking doesn't work)
fix test
Bug #72663 - part 3
Bug #72663 - part 2
Bug #72663 - part 1
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
...
Conflicts:
ext/standard/var_unserializer.c
Diffstat (limited to 'ext/gd/gd.c')
-rw-r--r-- | ext/gd/gd.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/ext/gd/gd.c b/ext/gd/gd.c index d0eea0bd0b..d2655a6022 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -1537,11 +1537,11 @@ PHP_FUNCTION(imagetruecolortopalette) RETURN_FALSE; } - if (ncolors <= 0) { - php_error_docref(NULL, E_WARNING, "Number of colors has to be greater than zero"); + if (ncolors <= 0 || ZEND_LONG_INT_OVFL(ncolors)) { + php_error_docref(NULL, E_WARNING, "Number of colors has to be greater than zero and no more than %d", INT_MAX); RETURN_FALSE; } - gdImageTrueColorToPalette(im, dither, ncolors); + gdImageTrueColorToPalette(im, dither, (int)ncolors); RETURN_TRUE; } @@ -3039,6 +3039,11 @@ PHP_FUNCTION(imagegammacorrect) return; } + if ( input <= 0.0 || output <= 0.0 ) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Gamma values should be positive"); + RETURN_FALSE; + } + if ((im = (gdImagePtr)zend_fetch_resource(Z_RES_P(IM), "Image", le_gd)) == NULL) { RETURN_FALSE; } |