php-src/ext/gd/tests/bug72482.phpt
Christoph M. Becker 1b5543b8ab Fix #72482: Ilegal write/read access caused by gdImageAALine overflow
Instead of rolling our own bounds check we use clip_1d() as it's done
in gdImageLine() and in external libgd. We must not pass the image
width and height, respectively, but rather the largest ordinate value
that is allowed to be accessed, i.e. width-1 and height-1,
respectively.

(cherry picked from commit 6499581af7)
2016-11-01 13:03:41 +01:00

20 lines
463 B
PHP

--TEST--
Bug #72482 (Ilegal write/read access caused by gdImageAALine overflow)
--SKIPIF--
<?php
if (!extension_loaded('gd')) die('skip gd extension not available');
?>
--FILE--
<?php
$img = imagecreatetruecolor(13, 1007);
imageantialias($img, true);
imageline($img, 0, 0, 1073745919, 1073745919, 4096);
$img = imagecreatetruecolor(100, 100);
imageantialias($img, true);
imageline($img, 1094795585, 0, 2147483647, 255, 0xff);
?>
===DONE===
--EXPECT--
===DONE===