Fix #68716: possible resource leaks in _php_image_convert()

author Christoph M. Becker <cmbecker69@gmx.de>

Sun, 21 Aug 2016 17:39:58 +0000 (19:39 +0200)

committer Christoph M. Becker <cmbecker69@gmx.de>

Sun, 21 Aug 2016 17:39:58 +0000 (19:39 +0200)
author Christoph M. Becker <cmbecker69@gmx.de>
Sun, 21 Aug 2016 17:39:58 +0000 (19:39 +0200)
committer Christoph M. Becker <cmbecker69@gmx.de>
Sun, 21 Aug 2016 17:39:58 +0000 (19:39 +0200)
diff --git a/NEWS b/NEWS

index fb5a07cfbed29c09b60d42b5590d478f568f20fb..a2b3aadfaa07856fd45682a0d2e2e9da2088245e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,7 @@ PHP                                                                        NEWS
      images). (cmb)
    . Fixed bug #72913 (imagecopy() loses single-color transparency on palette
      images). (cmb)
+  . Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)
  
  - JSON:
    . Fixed bug #72787 (json_decode reads out of bounds). (Jakub Zelenka)
diff --git a/ext/gd/gd.c b/ext/gd/gd.c

index 0fb96041087b4b18e6f0910977243bf4a001bbcd..afd3765f1525fb94a08521860c2cee0b43ea21bd 100644 (file)
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -4530,6 +4530,7 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type )
         dest = VCWD_FOPEN(fn_dest, "wb");
         if (!dest) {
                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open '%s' for writing", fn_dest);
+        fclose(org);
                 RETURN_FALSE;
         }
  
@@ -4538,6 +4539,8 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type )
                         im_org = gdImageCreateFromGif(org);
                         if (im_org == NULL) {
                                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open '%s' Not a valid GIF file", fn_dest);
+                fclose(org);
+                fclose(dest);
                                 RETURN_FALSE;
                         }
                         break;
@@ -4548,6 +4551,8 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type )
                         im_org = gdImageCreateFromJpegEx(org, ignore_warning);
                         if (im_org == NULL) {
                                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open '%s' Not a valid JPEG file", fn_dest);
+                fclose(org);
+                fclose(dest);
                                 RETURN_FALSE;
                         }
                         break;
@@ -4558,6 +4563,8 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type )
                         im_org = gdImageCreateFromPng(org);
                         if (im_org == NULL) {
                                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open '%s' Not a valid PNG file", fn_dest);
+                fclose(org);
+                fclose(dest);
                                 RETURN_FALSE;
                         }
                         break;
@@ -4565,10 +4572,14 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type )
  
                 default:
                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "Format not supported");
+            fclose(org);
+            fclose(dest);
                         RETURN_FALSE;
                         break;
         }
  
+       fclose(org);
+
         org_width  = gdImageSX (im_org);
         org_height = gdImageSY (im_org);
  
@@ -4599,6 +4610,8 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type )
         im_tmp = gdImageCreate (dest_width, dest_height);
         if (im_tmp == NULL ) {
                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to allocate temporary buffer");
+        fclose(dest);
+        gdImageDestroy(im_org);
                 RETURN_FALSE;
         }
  
@@ -4606,23 +4619,29 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type )
  
         gdImageDestroy(im_org);
  
-       fclose(org);
-
         im_dest = gdImageCreate(dest_width, dest_height);
         if (im_dest == NULL) {
                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to allocate destination buffer");
+        fclose(dest);
+        gdImageDestroy(im_tmp);
                 RETURN_FALSE;
         }
  
         white = gdImageColorAllocate(im_dest, 255, 255, 255);
         if (white == -1) {
                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to allocate the colors for the destination buffer");
+        fclose(dest);
+        gdImageDestroy(im_tmp);
+        gdImageDestroy(im_dest);
                 RETURN_FALSE;
         }
  
         black = gdImageColorAllocate(im_dest, 0, 0, 0);
         if (black == -1) {
                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to allocate the colors for the destination buffer");
+        fclose(dest);
+        gdImageDestroy(im_tmp);
+        gdImageDestroy(im_dest);
                 RETURN_FALSE;
         }
author	Christoph M. Becker <cmbecker69@gmx.de>
	Sun, 21 Aug 2016 17:39:58 +0000 (19:39 +0200)
committer	Christoph M. Becker <cmbecker69@gmx.de>
	Sun, 21 Aug 2016 17:39:58 +0000 (19:39 +0200)