]> granicus.if.org Git - php/commit
projects / php / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f74d7d9) | patch
Fix #72482: Ilegal write/read access caused by gdImageAALine overflow
authorChristoph M. Becker <cmbecker69@gmx.de>
Tue, 25 Oct 2016 13:14:22 +0000 (15:14 +0200)
committerStanislav Malyshev <stas@php.net>
Sun, 30 Oct 2016 21:28:23 +0000 (14:28 -0700)
commit6499581af76cfe986e12330faabb3a7c36d45ffc
tree4f112b47dcbc9bea6745d0fffd0e21a190744384tree | snapshot
parentf74d7d92c8bc1edc2505e0b58546217e9e1ecb40commit | diff
Fix #72482: Ilegal write/read access caused by gdImageAALine overflow

Instead of rolling our own bounds check we use clip_1d() as it's done
in gdImageLine() and in external libgd. We must not pass the image
width and height, respectively, but rather the largest ordinate value
that is allowed to be accessed, i.e. width-1 and height-1,
respectively.
ext/gd/libgd/gd.c diff | blob | history
ext/gd/tests/bug72482.phpt [new file with mode: 0644] blob
ext/gd/tests/bug72482_2.phpt [new file with mode: 0644] blob
ext/gd/tests/bug72482_2.png [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.