clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 02:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Bug #65060 imagecreatefrom... crashes with user streams

Browse Source 
Fixed Bug #65084 imagecreatefromjpeg fails with URL

Regression introduced in 8a90aad (drop of USE_GD_IOCTX)
Secure with php_stream_can_cast to avoid segfault in php_stream_cast.
(encountered when imagecreatefromxpm with URL)
This commit is contained in:
Remi Collet 2013-06-21 14:11:04 +02:00
parent 162726241c
commit fc898ee0f9
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@ -8,6 +8,8 @@ PHP NEWS
- GD - GD
. Fixed #65070 (bgcolor does not use the same format as the input image with . Fixed #65070 (bgcolor does not use the same format as the input image with
imagerotate). (Pierre) imagerotate). (Pierre)
. Fixed Bug #65060 (imagecreatefrom... crashes with user streams). (Remi)
. Fixed Bug #65084 (imagecreatefromjpeg fails with URL). (Remi)
20 Jun 2013, PHP 5.5.0 20 Jun 2013, PHP 5.5.0

5
ext/gd/gd.c
View File

@ -2361,13 +2361,12 @@ static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type,
} }
} }
stream = php_stream_open_wrapper(file, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL); stream = php_stream_open_wrapper(file, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
if (stream == NULL) { if (stream == NULL) {
RETURN_FALSE; RETURN_FALSE;
} }
ioctx_func_p = NULL; /* don't allow sockets without IOCtx */
if (image_type == PHP_GDIMG_TYPE_WEBP) { if (image_type == PHP_GDIMG_TYPE_WEBP) {
size_t buff_size; size_t buff_size;
char *buff; char *buff;
@ -2419,7 +2418,7 @@ static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type,
io_ctx->gd_free(io_ctx); io_ctx->gd_free(io_ctx);
pefree(buff, 1); pefree(buff, 1);
} }
else { else if (php_stream_can_cast(stream, PHP_STREAM_AS_STDIO)) {
/* try and force the stream to be FILE* */ /* try and force the stream to be FILE* */
if (FAILURE == php_stream_cast(stream, PHP_STREAM_AS_STDIO | PHP_STREAM_CAST_TRY_HARD, (void **) &fp, REPORT_ERRORS)) { if (FAILURE == php_stream_cast(stream, PHP_STREAM_AS_STDIO | PHP_STREAM_CAST_TRY_HARD, (void **) &fp, REPORT_ERRORS)) {
goto out_err; goto out_err;