- MFH #38112, bad code size segfault
authorPierre Joye <pajoye@php.net>
Mon, 17 Jul 2006 15:19:16 +0000 (15:19 +0000)
committerPierre Joye <pajoye@php.net>
Mon, 17 Jul 2006 15:19:16 +0000 (15:19 +0000)
NEWS
ext/gd/libgd/gd_gif_in.c
ext/gd/tests/bug38112.gif [new file with mode: 0644]
ext/gd/tests/bug38112.phpt [new file with mode: 0644]

diff --git a/NEWS b/NEWS
index 808c5a5ecd0e8e7fedeb4d904d39523a94935b3a..03ee4e7282c4685da7104e7fb5197c3c33fef075 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,7 @@ PHP 4                                                                      NEWS
 - Improved safe_mode check for the error_log() function. (Ilia)
 - Fixed handling of extremely long paths inside tempnam() function. (Ilia)
 - Fixed XSS inside phpinfo() with long inputs. (Ilia)
+- Fixed bug #38112 (corrupted gif segfaults) (Pierre)
 - Fixed bug #37720 (merge_php_config scrambles values). (Mike,
   pumuckel at metropolis dot de)
 - Fixed bug #37569 (WDDX incorrectly encodes high-ascii characters). (Ilia)
index 092c89a5d86d8f3ba014bf39a91123c60df767fd..8a937e13210ab2a0b6534b9f08270eb9659b55f7 100644 (file)
@@ -216,6 +216,12 @@ terminated:
        if (!im) {
                return 0;
        }
+
+               if (!im->colorsTotal) {
+                       gdImageDestroy(im);
+                       return 0;
+               }
+
        /* Check for open colors at the end, so
           we can reduce colorsTotal and ultimately
           BitsPerPixel */
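Review bot: The new `if (!im->colorsTotal)` check only catches failures that happen before ReadImage assigns `im->colorsTotal = gdMaxColors`. The `LWZReadByte(fd, TRUE, c) < 0` return further down in ReadImage comes after that assignment, so if that path is reachable the image would presumably still be handed back as valid. Because ReadImage returns void, a zero colour count is the only failure signal, which deserves a comment here such as `/* ReadImage returns before setting colorsTotal when the code size is bad */`. Setting `im->colorsTotal = 0;` before that later `return;` would keep the signal consistent. The added block is also indented one level deeper than the neighbouring `if (!im)`, and the enclosing function starts and ends outside this hunk.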
@@ -506,6 +512,19 @@ ReadImage(gdImagePtr im, gdIOCtx *fd, int len, int height, unsigned char (*cmap)
        int             v;
        int             xpos = 0, ypos = 0, pass = 0;
        int i;
+
+          /*
+               **  Initialize the Compression routines
+               */
+          if (! ReadOK(fd,&c,1)) {
+                  return;
+          }
+
+          if (c > MAX_LWZ_BITS) {
+                  return;      
+          }
+
+
        /* Stash the color map into the image */
        for (i=0; (i<gdMaxColors); i++) {
                im->red[i] = cmap[CM_RED][i];   
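Review bot: The moved comment `Initialize the Compression routines` now sits above the code-size read and bounds check, not above the `LWZReadByte(fd, TRUE, c)` call that actually does the initialisation. A comment stating the invariant would be more useful, for example `/* Reject an LZW code size above MAX_LWZ_BITS before touching im, so colorsTotal stays 0 */`. The order matters: both early returns are silent and only work as an error signal because they run before the colour map is stashed. Whether a value equal to `MAX_LWZ_BITS` is safe depends on how LWZReadByte sizes its tables, which is not visible here, and should be confirmed, as should the absence of a lower bound. ReadImage begins and continues outside this hunk.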
@@ -515,12 +534,7 @@ ReadImage(gdImagePtr im, gdIOCtx *fd, int len, int height, unsigned char (*cmap)
        }
        /* Many (perhaps most) of these colors will remain marked open. */
        im->colorsTotal = gdMaxColors;
-       /*
-       **  Initialize the Compression routines
-       */
-       if (! ReadOK(fd,&c,1)) {
-               return; 
-       }
+
        if (LWZReadByte(fd, TRUE, c) < 0) {
                return;
        }
diff --git a/ext/gd/tests/bug38112.gif b/ext/gd/tests/bug38112.gif
new file mode 100644 (file)
index 0000000..178d27e
Binary files /dev/null and b/ext/gd/tests/bug38112.gif differ
diff --git a/ext/gd/tests/bug38112.phpt b/ext/gd/tests/bug38112.phpt
new file mode 100644 (file)
index 0000000..2a7cd4b
--- /dev/null
@@ -0,0 +1,17 @@
+--TEST--
+Bug #38112 (GIF Invalid Code size ).
+--SKIPIF--
+<?php 
+       if (!extension_loaded('gd')) {  
+               die("skip gd extension not available\n");
+       }
+       if (!GD_BUNDLED) {
+               die('skip external GD libraries may fail');
+       }
+?>
+--FILE--
+<?php
+$im = imagecreatefromgif(dirname(__FILE__) . '/bug38112.gif');
+?>
+--EXPECTF--
+Warning: imagecreatefromgif() [%s]: '%sbug38112.gif' is not a valid GIF file in %sbug38112.php on line %d
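Review bot: The test pins only the warning text, so a regression in which imagecreatefromgif() warns but still returns an image resource would pass. Adding `var_dump($im);` to the FILE section and a matching `bool(false)` line to EXPECTF would also assert that the corrupted file is rejected. A short comment in the FILE section noting that bug38112.gif carries an out-of-range LZW code size would tell the next maintainer what the fixture exercises.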