# include <X11/xpm.h>
#endif
-#ifndef HAVE_GD_BUNDLED
# include "gd_compat.h"
-#endif /* HAVE_GD_BUNDLED */
+
static int le_gd, le_gd_font;
#if HAVE_LIBT1
body_size = font->w * font->h * font->nchars;
}
- if ((font->nchars <= 0 || font->h <= 0 || font->w <= 0 ) || \
- (font->nchars > INT_MAX / font->h) || \
- (font->nchars * font->h > INT_MAX / font->w)) {
+ if (overflow2(font->nchars, font->h) || overflow2(font->nchars * font->h, font->w )) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font, invalid font header");
efree(font);
php_stream_close(stream);
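Review bot: The product `font->w * font->h * font->nchars` on the context line just above the new guard is evaluated before `overflow2()` runs, so header fields read from the font file can still overflow a signed int (undefined behaviour) ahead of the check. Moving the `overflow2(...)` test in front of every `body_size` computation would close that; the earlier part of the function is outside this hunk, so confirm no validation already happens there. The short-circuit `||` does keep `font->nchars * font->h` from being evaluated unless the first call passed. Also, `overflow2()` raises its own E_WARNING, so a rejected header now produces two warnings where the removed condition produced one.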
#endif
#include "gd_compat.h"
+#include <TSRM.h>
#ifdef HAVE_GD_JPG
int gdJpegGetVersionInt()
}
#endif
+int overflow2(int a, int b)
+{
+ TSRMLS_FETCH();
+
+ if(a <= 0 || b <= 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "gd warning: one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully\n");
+ return 1;
+ }
+ if(a > INT_MAX / b) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n");
+ return 1;
+ }
+ return 0;
+}
+
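Review bot: `overflow2()` has no comment stating its contract, and since callers rely on it before sizing an allocation, the meaning of its return value (nonzero means reject) should be written down. I would add above the definition: `/* Returns 1 and raises E_WARNING when a or b is <= 0 or a * b would exceed INT_MAX; returns 0 when the product fits in an int. */`. The two messages end in `\n`, which `php_error_docref()` does not need. `INT_MAX` and `php_error_docref` require `<limits.h>` and `php.h`; only `gd_compat.h` and `<TSRM.h>` appear among the includes shown, so check that the earlier part of the file provides them.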
#ifndef GD_COMPAT_H
#define GD_COMPAT_H 1
+#ifndef HAVE_GD_BUNDLED
+/* from gd_compat.c */
const char * gdPngGetVersionString();
const char * gdJpegGetVersionString();
int gdJpegGetVersionInt();
+#endif
+
+/* from gd_compat.c of libgd/gd_security.c */
+int overflow2(int a, int b);
#endif /* GD_COMPAT_H */
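Review bot: The added comment `/* from gd_compat.c of libgd/gd_security.c */` appears to mean `or`; as written it suggests gd_compat.c is part of libgd. Something like `/* defined in gd_compat.c (external libgd) or libgd/gd_security.c (bundled) */` would say which build supplies the symbol, if that is the intended split; the build rules are not visible here.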
--SKIPIF--
<?php
if (!extension_loaded('gd')) die("skip gd extension not available\n");
- if (!GD_BUNDLED) die('skip external GD libraries always fail');
?>
--FILE--
<?php