im = (*ioctx_func_p)(io_ctx);
if (!im) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Passed data is not in '%s' format", tn);
+ io_ctx->gd_free(io_ctx);
return NULL;
}
* been defined.
*/
- php_gd_error_ex(E_ERROR, "gd-png: fatal libpng error: %s", msg);
+ php_gd_error_ex(E_WARNING, "gd-png: fatal libpng error: %s", msg);
jmpbuf_ptr = png_get_error_ptr (png_ptr);
if (jmpbuf_ptr == NULL) { /* we are completely hosed now */
/* GRR: isn't sizeof(infile) equal to the size of the pointer? */
memset (sig, 0, sizeof(sig));
-
/* first do a quick check that the file really is a PNG image; could
* have used slightly more general png_sig_cmp() function instead
*/
png_set_packing (png_ptr); /* expand to 1 byte per pixel */
}
+ /* setjmp() must be called in every non-callback function that calls a
+ * PNG-reading libpng function
+ */
+#ifndef PNG_SETJMP_NOT_SUPPORTED
+ if (setjmp(gdPngJmpbufStruct.jmpbuf)) {
+ php_gd_error("gd-png error: setjmp returns error condition");
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ gdFree(image_data);
+ gdFree(row_pointers);
+ if (im) {
+ gdImageDestroy(im);
+ }
+ return NULL;
+ }
+#endif
+
+
switch (color_type) {
case PNG_COLOR_TYPE_PALETTE:
png_get_PLTE(png_ptr, info_ptr, &palette, &num_palette);
--- /dev/null
+--TEST--
+Bug #39780 (PNG image with CRC/data error raises a fatal error)
+--SKIPIF--
+<?php
+ if (!extension_loaded('gd')) die("skip gd extension not available\n");
+ if (!GD_BUNDLED) die('skip external GD libraries always fail');
+?>
+--FILE--
+<?php
+
+$im = imagecreatefrompng(dirname(__FILE__) . '/bug39780.png');
+var_dump($im);
+?>
+--EXPECTF--
+
+Warning: imagecreatefrompng(): gd-png: fatal libpng error: IDAT: CRC error in %s on line %d
+
+Warning: imagecreatefrompng(): gd-png error: setjmp returns error condition in %s on line %d
+
+Warning: imagecreatefrompng(): '%s' is not a valid PNG file in %s on line %d
+bool(false)
projects / php / commitdiff
