pajoye Wed May 16 22:16:22 2007 UTC
Added files:
/php-src/ext/gd/tests libgd00086.png libgd00086.phpt
Modified files:
/php-src/ext/gd/libgd gd_png.c
Log:
- libgd #86: Fixed possible infinite loop in libgd/gd_png.c
(Reported by Xavier Roche)
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_png.c?r1=1.23&r2=1.24&diff_format=u
Index: php-src/ext/gd/libgd/gd_png.c
diff -u php-src/ext/gd/libgd/gd_png.c:1.23 php-src/ext/gd/libgd/gd_png.c:1.24
--- php-src/ext/gd/libgd/gd_png.c:1.23 Sun Dec 10 01:28:01 2006
+++ php-src/ext/gd/libgd/gd_png.c Wed May 16 22:16:21 2007
@@ -71,7 +71,11 @@
static void gdPngReadData (png_structp png_ptr, png_bytep data, png_size_t
length)
{
- gdGetBuf(data, length, (gdIOCtx *) png_get_io_ptr(png_ptr));
+ int check;
+ check = gdGetBuf(data, length, (gdIOCtx *) png_get_io_ptr(png_ptr));
+ if (check != length) {
+ png_error(png_ptr, "Read Error: truncated data");
+ }
}
static void gdPngWriteData (png_structp png_ptr, png_bytep data, png_size_t
length)
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00086.phpt?view=markup&rev=1.1
Index: php-src/ext/gd/tests/libgd00086.phpt
+++ php-src/ext/gd/tests/libgd00086.phpt
--TEST--
Bug #39780 (PNG image with CRC/data error raises a fatal error)
--SKIPIF--
<?php
if (!extension_loaded('gd')) die("skip gd extension not available\n");
if (!GD_BUNDLED) die('skip external GD libraries always fail');
?>
--FILE--
<?php
$im = imagecreatefrompng(dirname(__FILE__) . '/libgd00086.png');
var_dump($im);
?>
--EXPECTF--
Warning: imagecreatefrompng(): gd-png: fatal libpng error: Read Error:
truncated data in %s on line %d
Warning: imagecreatefrompng(): gd-png error: setjmp returns error condition in
%s on line %d
Warning: imagecreatefrompng(): '%s' is not a valid PNG file in %s on line %d
bool(false)
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
![[PHP-CVS] cvs: php-src /ext/gd/libgd gd_png.c /ext/gd/tests libgd00086.phpt libgd00086.png](/search?l=php-cvs@lists.php.net&q=subject:%22%5C%5BPHP%5C-CVS%5C%5D+cvs%5C%3A+php%5C-src+%5C%2Fext%5C%2Fgd%5C%2Flibgd+gd_png.c++%5C%2Fext%5C%2Fgd%5C%2Ftests+libgd00086.phpt+libgd00086.png%22&o=newest){kind=link}
