Merge branch 'PHP-7.2'

* PHP-7.2: Fix #73957: signed integer conversion in imagescale()
2024-09-22 02:17:32 +00:00 · 2018-03-10 00:26:25 +01:00 · 2018-03-10 00:26:25 +01:00 · 4095f63a90
commit 4095f63a90
parent 1cb3c15032 d709922979
2 changed files with 21 additions and 1 deletions
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@ -4831,7 +4831,7 @@ PHP_FUNCTION(imagescale)
 		}
 	}

-	if (tmp_h <= 0 || tmp_w <= 0) {
+	if (tmp_h <= 0 || tmp_h > INT_MAX || tmp_w <= 0 || tmp_w > INT_MAX) {
 		RETURN_FALSE;
 	}

--- a/ext/gd/tests/bug73957.phpt
+++ b/ext/gd/tests/bug73957.phpt
@ -0,0 +1,20 @@
+--TEST--
+Bug #73957 (signed integer conversion in imagescale())
+--SKIPIF--
+<?php
+if (!extension_loaded('gd')) die('skip gd extension not available');
+if (PHP_INT_SIZE != 8) die('skip this test is for 64bit platforms only');
+?>
+--FILE--
+<?php
+$im = imagecreate(8, 8);
+$im = imagescale($im, 0x100000001, 1);
+var_dump($im);
+if ($im) { // which is not supposed to happen
+    var_dump(imagesx($im));
+}
+?>
+===DONE===
+--EXPECT--
+bool(false)
+===DONE===