diff options
author | Stanislav Malyshev <stas@php.net> | 2017-07-04 21:18:04 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2017-07-04 21:18:10 -0700 |
commit | 0ba04f77379b5d277f5bd190c1542a0d91289978 (patch) | |
tree | d0dc321d8693b165a176241d28ad1813609fe162 /ext/gd | |
parent | 1fa8e74d6eebaa19174ea56581f23b13e6b77000 (diff) | |
parent | 54840f9c8f9edb4c243f7f2d7ffbb61759ef9507 (diff) | |
download | php-git-0ba04f77379b5d277f5bd190c1542a0d91289978.tar.gz |
Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
Improve fix for #74145
Fix wddx
Fix tests
Fixed bug #74111
Fix bug #74603 - use correct buffer size
Fix bug #74651 - check EVP_SealInit as it can return -1
Update NEWS
Fix bug #74087
Fixed parsing of strange formats with mixed month/day and time strings
Fix bug #74145 - wddx parsing empty boolean tag leads to SIGSEGV
Fixed bug #74111
Fix #74435: Buffer over-read into uninitialized memory
Fix bug #74603 - use correct buffer size
Fix bug #74651 - check EVP_SealInit as it can return -1
Update NEWS
Fix bug #73807
Diffstat (limited to 'ext/gd')
-rw-r--r-- | ext/gd/libgd/gd_gif_in.c | 3 | ||||
-rw-r--r-- | ext/gd/tests/bug74435.gif | bin | 0 -> 11464 bytes | |||
-rw-r--r-- | ext/gd/tests/bug74435.phpt | 27 |
3 files changed, 30 insertions, 0 deletions
diff --git a/ext/gd/libgd/gd_gif_in.c b/ext/gd/libgd/gd_gif_in.c index 74b7493331..76ba152035 100644 --- a/ext/gd/libgd/gd_gif_in.c +++ b/ext/gd/libgd/gd_gif_in.c @@ -147,6 +147,9 @@ gdImagePtr gdImageCreateFromGifCtx(gdIOCtxPtr fd) /* {{{ */ int haveGlobalColormap; gdImagePtr im = 0; + memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE); + memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE); + /*1.4//imageNumber = 1; */ if (! ReadOK(fd,buf,6)) { return 0; diff --git a/ext/gd/tests/bug74435.gif b/ext/gd/tests/bug74435.gif Binary files differnew file mode 100644 index 0000000000..92fbb7ff20 --- /dev/null +++ b/ext/gd/tests/bug74435.gif diff --git a/ext/gd/tests/bug74435.phpt b/ext/gd/tests/bug74435.phpt new file mode 100644 index 0000000000..9d11eb3839 --- /dev/null +++ b/ext/gd/tests/bug74435.phpt @@ -0,0 +1,27 @@ +--TEST-- +Bug #74435 (Buffer over-read into uninitialized memory) +--SKIPIF-- +<?php +if (!extension_loaded('gd')) die('skip gd extension not available'); +?> +--FILE-- +<?php +$im = imagecreatefromgif(__DIR__ . DIRECTORY_SEPARATOR . 'bug74435.gif'); +var_dump($im); +$width = imagesx($im); +$height = imagesy($im); +for ($i = 0; $i < $width; $i += 16) { + for ($j = 0; $j < $height; $j += 16) { + if (($index = imagecolorat($im, $i, $j)) >= 2) { + list($red, $green, $blue, $alpha) = array_values(imagecolorsforindex($im, $index)); + if ($red !== 0 || $green !== 0 || $blue !== 0 || $alpha !== 0) { + echo "unexpected color at ($i, $j)\n"; + } + } + } +} +?> +===DONE=== +--EXPECTF-- +resource(%d) of type (gd) +===DONE=== |