From: Marcus Boerger <helly@php.net>
Date: Thu, 24 Feb 2005 00:12:15 +0000 (+0000)
Subject: - Prevent superflous memory allocation
X-Git-Tag: RELEASE_0_3~218
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=30f870f957d4b1918afa0b826dd96eac0b9bba89;p=php

- Prevent superflous memory allocation
---

diff --git a/ext/standard/image.c b/ext/standard/image.c
index 477d57c61d..cc2bdb0cd3 100644
--- a/ext/standard/image.c
+++ b/ext/standard/image.c
@@ -867,10 +867,11 @@ static struct gfxinfo *php_handle_tiff (php_stream * stream, pval *info, int mot
  */
 static struct gfxinfo *php_handle_iff(php_stream * stream TSRMLS_DC)
 {
-	struct gfxinfo *result = NULL;
+	struct gfxinfo * result;
 	unsigned char a[10];
 	int chunkId;
 	int size;
+	short width, height, bits;
 
 	if (php_stream_read(stream, a, 8) != 8) {
 		return NULL;
@@ -893,18 +894,20 @@ static struct gfxinfo *php_handle_iff(php_stream * stream TSRMLS_DC)
 			size++;
 		}
 		if (chunkId == 0x424d4844) { /* BMHD chunk */
-			if (php_stream_read(stream, a, 9) != 9) {
+			if (size < 9 || php_stream_read(stream, a, 9) != 9) {
 				return NULL;
 			}
-			result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
-			result->width    = php_ifd_get16s(a+0, 1);
-			result->height   = php_ifd_get16s(a+2, 1);
-			result->bits     = a[8] & 0xff;
-			result->channels = 0;
-			if (result->width > 0 && result->height > 0 && result->bits > 0 && result->bits < 33) {
+			width  = php_ifd_get16s(a+0, 1);
+			height = php_ifd_get16s(a+2, 1);
+			bits   = a[8] & 0xff;
+			if (width > 0 && height > 0 && bits > 0 && bits < 33) {
+				result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
+				result->width    = width;
+				result->height   = height;
+				result->bits     = bits;
+				result->channels = 0;
 				return result;
 			}
-			efree(result);
 		} else {
 			if (php_stream_seek(stream, size, SEEK_CUR)) {
 				return NULL;