-
-
Save anonymous/a3b8821719ca7d6e5386d735f4635cf1 to your computer and use it in GitHub Desktop.
Patch for 72696
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| commit 863d37ea66d5c960db08d6f4a2cbd2518f0f80d1 | |
| Author: Christoph M. Becker <cmbecker69@gmx.de> | |
| Date: Tue Oct 25 13:23:16 2016 +0200 | |
| Fix #72696: imagefilltoborder stackoverflow on truecolor images | |
| We must not allow negative color values be passed to | |
| gdImageFillToBorder(), because that can lead to infinite recursion | |
| since the recursion termination condition will not necessarily be met. | |
| diff --git a/ext/gd/libgd/gd.c b/ext/gd/libgd/gd.c | |
| index 058f1c9..3e7d27a 100644 | |
| --- a/ext/gd/libgd/gd.c | |
| +++ b/ext/gd/libgd/gd.c | |
| @@ -1747,7 +1747,7 @@ void gdImageFillToBorder (gdImagePtr im, int x, int y, int border, int color) | |
| int leftLimit = -1, rightLimit; | |
| int i, restoreAlphaBlending = 0; | |
| - if (border < 0) { | |
| + if (border < 0 || color < 0) { | |
| /* Refuse to fill to a non-solid border */ | |
| return; | |
| } | |
| diff --git a/ext/gd/tests/bug72696.phpt b/ext/gd/tests/bug72696.phpt | |
| new file mode 100644 | |
| index 0000000..4f0d9e7 | |
| --- /dev/null | |
| +++ b/ext/gd/tests/bug72696.phpt | |
| @@ -0,0 +1,14 @@ | |
| +--TEST-- | |
| +Bug #72696 (imagefilltoborder stackoverflow on truecolor images) | |
| +--SKIPIF-- | |
| +<?php | |
| +if (!extension_loaded('gd')) die('skip gd extension not available'); | |
| +?> | |
| +--FILE-- | |
| +<?php | |
| +$im = imagecreatetruecolor(10, 10); | |
| +imagefilltoborder($im, 0, 0, 1, -2); | |
| +?> | |
| +===DONE=== | |
| +--EXPECT-- | |
| +===DONE=== |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment