GD2 stores the number of horizontal and vertical chunks as words (i.e. 2
byte unsigned). These values are multiplied and assigned to an int when
reading the image, what can cause integer overflows. We have to avoid
that, and also make sure that either chunk count is actually greater
than zero. If illegal chunk counts are detected, we bail out from
reading the image.
(cherry picked from commit 5b5d9db3988b829e0b121b74bb3947f01c2796a1)
We must not pretend that there are image data if there are none. Instead
we fail reading the image file gracefully.
(cherry picked from commit cdb648dc4115ce0722f3cc75e6a65115fc0e56ab)
. GD is now thread-safe thanks to wrappers around freetype library
. Significant optimization to png writing code.
. Miscellaneous fixes.
Fixed memory leak inside php_imagettftext_common()
Make ext/gd compile with GD 2.0.17+ (gdFreeFontCache() is not avaliable)
conversion. The same crash still occures with png/jpeg -> gd -> png/jpeg, because
apparently gd format cannot handle truecolor images.
Turned off debug messages inside gd_gd2.c.
This initial checkin has no changes to any of the libgd code so it can
be used as a basis for diffs. It also will not build currently because
of this. The PHP gd checks need to be incorporated along with a bit of
other config magic. It also shouldn't break the build and will only
take effect if you use --with-gd=php right now.
