]> granicus.if.org Git - php/commit
projects / php / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cf6f25b) | patch
Fixed bug #75111 (Memory disclosure or DoS via crafted .bmp image)
authorChristoph M. Becker <cmbecker69@gmx.de>
Thu, 24 Aug 2017 10:39:45 +0000 (12:39 +0200)
committerChristoph M. Becker <cmbecker69@gmx.de>
Thu, 24 Aug 2017 12:07:10 +0000 (14:07 +0200)
commit5cd348c1d606b890abae076a38e47effcfda79be
tree5e5bd768ef68311a08d1b7fe49fbc8c441840e1dtree | snapshot
parentcf6f25bd37f2dc36f1443f07406a89040c50db65commit | diff
Fixed bug #75111 (Memory disclosure or DoS via crafted .bmp image)

Crafted BMP images can cause dynamicSeek() to be called with a negative
position which must not be allowed, since dynamicSeek() works like
fseek() in SEEK_SET mode. We solve this by bailing out if `pos` is
negative, and let the image reading fail gracefully.
NEWS diff | blob | history
ext/gd/libgd/gd_bmp.c diff | blob | history
ext/gd/libgd/gd_io_dp.c diff | blob | history
ext/gd/tests/bug75111.phpt [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.