tests bug38112.gif bug38112.phpt

Pierre-Alain Joye Mon, 17 Jul 2006 08:14:52 -0700

pajoye          Mon Jul 17 15:08:46 2006 UTC

  Modified files:              
    /php-src/ext/gd/libgd       gd_gif_in.c 
    /php-src/ext/gd/tests       bug38112.phpt bug38112.gif 
  Log:
  - MFB: #38112, corrupt GIF Image segfault
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.10&r2=1.11&diff_format=u
Index: php-src/ext/gd/libgd/gd_gif_in.c
diff -u php-src/ext/gd/libgd/gd_gif_in.c:1.10 
php-src/ext/gd/libgd/gd_gif_in.c:1.11
--- php-src/ext/gd/libgd/gd_gif_in.c:1.10       Mon May  8 11:49:33 2006
+++ php-src/ext/gd/libgd/gd_gif_in.c    Mon Jul 17 15:08:46 2006
@@ -216,6 +216,12 @@
        if (!im) {
                return 0;
        }
+
+       if (!im->colorsTotal) {
+               gdImageDestroy(im);
+               return 0;
+       }
+
        /* Check for open colors at the end, so
           we can reduce colorsTotal and ultimately
           BitsPerPixel */
@@ -499,6 +505,18 @@
        int             v;
        int             xpos = 0, ypos = 0, pass = 0;
        int i;
+
+       /*
+        **  Initialize the Compression routines
+        */
+       if (! ReadOK(fd,&c,1)) {
+               return;
+       }
+
+       if (c > MAX_LWZ_BITS) {
+               return; 
+       }
+
        /* Stash the color map into the image */
        for (i=0; (i<gdMaxColors); i++) {
                im->red[i] = cmap[CM_RED][i];
@@ -508,12 +526,6 @@
        }
        /* Many (perhaps most) of these colors will remain marked open. */
        im->colorsTotal = gdMaxColors;
-       /*
-        **  Initialize the Compression routines
-        */
-       if (! ReadOK(fd,&c,1)) {
-               return;
-       }
        if (LWZReadByte(fd, TRUE, c) < 0) {
                return;
        }
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug38112.phpt?r1=1.1&r2=1.2&diff_format=u
Index: php-src/ext/gd/tests/bug38112.phpt
diff -u /dev/null php-src/ext/gd/tests/bug38112.phpt:1.2
--- /dev/null   Mon Jul 17 15:08:46 2006
+++ php-src/ext/gd/tests/bug38112.phpt  Mon Jul 17 15:08:46 2006
@@ -0,0 +1,17 @@
+--TEST--
+Bug #38112 (GIF Invalid Code size ).
+--SKIPIF--
+<?php 
+       if (!extension_loaded('gd')) {  
+               die("skip gd extension not available\n");
+       }
+       if (!GD_BUNDLED) {
+               die('skip external GD libraries may fail');
+       }
+?>
+--FILE--
+<?php
+$im = imagecreatefromgif(dirname(__FILE__) . '/bug38112.gif');
+?>
+--EXPECTF--
+Warning: imagecreatefromgif(): '%sbug38112.gif' is not a valid GIF file in 
%sbug38112.php on line %d
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug38112.gif?r1=1.1&r2=1.2&diff_format=u
Index: php-src/ext/gd/tests/bug38112.gif


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src /ext/gd/libgd gd_gif_in.c /ext/gd/tests bug38112.gif bug38112.phpt

Reply via email to