mirror of
https://github.com/php/php-src.git
synced 2024-09-25 20:07:26 +00:00
Merge branch 'PHP-5.5'
* PHP-5.5: Revert removal of overflow2 use in gd.c Function provided by gd_security with bundled libgd Function provided by gd_compat with system libgd
This commit is contained in:
commit
03091c834c
@ -57,9 +57,8 @@
|
||||
# include <X11/xpm.h>
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_GD_BUNDLED
|
||||
# include "gd_compat.h"
|
||||
#endif /* HAVE_GD_BUNDLED */
|
||||
|
||||
|
||||
static int le_gd, le_gd_font;
|
||||
#if HAVE_LIBT1
|
||||
@ -1476,9 +1475,7 @@ PHP_FUNCTION(imageloadfont)
|
||||
body_size = font->w * font->h * font->nchars;
|
||||
}
|
||||
|
||||
if ((font->nchars <= 0 || font->h <= 0 || font->w <= 0 ) || \
|
||||
(font->nchars > INT_MAX / font->h) || \
|
||||
(font->nchars * font->h > INT_MAX / font->w)) {
|
||||
if (overflow2(font->nchars, font->h) || overflow2(font->nchars * font->h, font->w )) {
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font, invalid font header");
|
||||
efree(font);
|
||||
php_stream_close(stream);
|
||||
|
@ -10,6 +10,7 @@
|
||||
#endif
|
||||
|
||||
#include "gd_compat.h"
|
||||
#include <TSRM.h>
|
||||
|
||||
#ifdef HAVE_GD_JPG
|
||||
int gdJpegGetVersionInt()
|
||||
@ -45,3 +46,18 @@ const char * gdPngGetVersionString()
|
||||
}
|
||||
#endif
|
||||
|
||||
int overflow2(int a, int b)
|
||||
{
|
||||
TSRMLS_FETCH();
|
||||
|
||||
if(a <= 0 || b <= 0) {
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "gd warning: one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully\n");
|
||||
return 1;
|
||||
}
|
||||
if(a > INT_MAX / b) {
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n");
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1,8 +1,14 @@
|
||||
#ifndef GD_COMPAT_H
|
||||
#define GD_COMPAT_H 1
|
||||
|
||||
#ifndef HAVE_GD_BUNDLED
|
||||
/* from gd_compat.c */
|
||||
const char * gdPngGetVersionString();
|
||||
const char * gdJpegGetVersionString();
|
||||
int gdJpegGetVersionInt();
|
||||
#endif
|
||||
|
||||
/* from gd_compat.c of libgd/gd_security.c */
|
||||
int overflow2(int a, int b);
|
||||
|
||||
#endif /* GD_COMPAT_H */
|
||||
|
@ -3,7 +3,6 @@ imageloadfont() function crashes
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (!extension_loaded('gd')) die("skip gd extension not available\n");
|
||||
if (!GD_BUNDLED) die('skip external GD libraries always fail');
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
|
Loading…
Reference in New Issue
Block a user