mirror of
https://github.com/php/php-src.git
synced 2024-09-29 22:06:09 +00:00
Merge branch 'PHP-7.0'
* PHP-7.0: fix #72519, possible OOB using imagegif
This commit is contained in:
commit
2707271465
@ -601,14 +601,26 @@ nomatch:
|
||||
* code in turn. When the buffer fills up empty it and start over.
|
||||
*/
|
||||
|
||||
static unsigned long masks[] = { 0x0000, 0x0001, 0x0003, 0x0007, 0x000F,
|
||||
static const unsigned long masks[] = { 0x0000, 0x0001, 0x0003, 0x0007, 0x000F,
|
||||
0x001F, 0x003F, 0x007F, 0x00FF,
|
||||
0x01FF, 0x03FF, 0x07FF, 0x0FFF,
|
||||
0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF };
|
||||
|
||||
|
||||
/* Arbitrary value to mark output is done. When we see EOFCode, then we don't
|
||||
* expect to see any more data. If we do (e.g. corrupt image inputs), cur_bits
|
||||
* might be negative, so flag it to return early.
|
||||
*/
|
||||
#define CUR_BITS_FINISHED -1000
|
||||
|
||||
|
||||
static void
|
||||
output(code_int code, GifCtx *ctx)
|
||||
{
|
||||
if (ctx->cur_bits == CUR_BITS_FINISHED) {
|
||||
return;
|
||||
}
|
||||
|
||||
ctx->cur_accum &= masks[ ctx->cur_bits ];
|
||||
|
||||
if( ctx->cur_bits > 0 )
|
||||
@ -655,8 +667,10 @@ output(code_int code, GifCtx *ctx)
|
||||
ctx->cur_bits -= 8;
|
||||
}
|
||||
|
||||
flush_char(ctx);
|
||||
/* Flag that it's done to prevent re-entry. */
|
||||
ctx->cur_bits = CUR_BITS_FINISHED;
|
||||
|
||||
flush_char(ctx);
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user