mirror of
https://github.com/php/php-src.git
synced 2024-11-24 02:15:04 +08:00
Fix #73957: signed integer conversion in imagescale()
We must not pass values to `gdImageScale()` which cannot be represented by an `unsigned int`. Instead we return FALSE, according to what we already did for negative integers.
This commit is contained in:
parent
34b9f9dedf
commit
f1b358c9a9
3
NEWS
3
NEWS
@ -8,6 +8,9 @@ PHP NEWS
|
||||
. Fixed bug #76044 ('date: illegal option -- -' in ./configure on FreeBSD).
|
||||
(Anatol)
|
||||
|
||||
- GD:
|
||||
. Fixed bug #73957 (signed integer conversion in imagescale()). (cmb)
|
||||
|
||||
01 Mar 2018, PHP 7.1.15
|
||||
|
||||
- Apache2Handler:
|
||||
|
@ -4720,7 +4720,7 @@ PHP_FUNCTION(imagescale)
|
||||
}
|
||||
}
|
||||
|
||||
if (tmp_h <= 0 || tmp_w <= 0) {
|
||||
if (tmp_h <= 0 || tmp_h > INT_MAX || tmp_w <= 0 || tmp_w > INT_MAX) {
|
||||
RETURN_FALSE;
|
||||
}
|
||||
|
||||
|
20
ext/gd/tests/bug73957.phpt
Normal file
20
ext/gd/tests/bug73957.phpt
Normal file
@ -0,0 +1,20 @@
|
||||
--TEST--
|
||||
Bug #73957 (signed integer conversion in imagescale())
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (!extension_loaded('gd')) die('skip gd extension not available');
|
||||
if (PHP_INT_SIZE != 8) die('skip this test is for 64bit platforms only');
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
$im = imagecreate(8, 8);
|
||||
$im = imagescale($im, 0x100000001, 1);
|
||||
var_dump($im);
|
||||
if ($im) { // which is not supposed to happen
|
||||
var_dump(imagesx($im));
|
||||
}
|
||||
?>
|
||||
===DONE===
|
||||
--EXPECT--
|
||||
bool(false)
|
||||
===DONE===
|
Loading…
Reference in New Issue
Block a user