From: Pierre Joye <pajoye@php.net>
Date: Sun, 25 Dec 2005 19:21:58 +0000 (+0000)
Subject: - fix leak/segfaults in imagecolormatch
X-Git-Tag: RELEASE_1_0_4~234
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=65df8e80eac2990e6bf7de47bd05b4810411cff8;p=php

- fix leak/segfaults in imagecolormatch
- add tests for imagecolorexact and imagecolormatch
  The later is only about the segv
---

diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index eb93d2a8cc..3d1a0e9abd 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -822,6 +822,10 @@ PHP_FUNCTION(imagecolormatch)
 			php_error_docref(NULL TSRMLS_CC, E_ERROR, "Image1 and Image2 must be the same size" );
 			RETURN_FALSE;
 			break;
+		case -4:
+			php_error_docref(NULL TSRMLS_CC, E_ERROR, "Image2 must have at least one color" );
+			RETURN_FALSE;
+			break;
 	}
 
 	RETURN_TRUE;
diff --git a/ext/gd/libgd/gd_topal.c b/ext/gd/libgd/gd_topal.c
index 15eed3e11e..2d7db8c73f 100644
--- a/ext/gd/libgd/gd_topal.c
+++ b/ext/gd/libgd/gd_topal.c
@@ -2086,6 +2086,9 @@ int gdImageColorMatch (gdImagePtr im1, gdImagePtr im2)
 	if( (im1->sx != im2->sx) || (im1->sy != im2->sy) ) {
 		return -3; /* the images are meant to be the same dimensions */
 	}
+	if (im2->colorsTotal<1) {
+		return -4; /* At least 1 color must be allocated */
+	}
 
 	buf = (unsigned long *)safe_emalloc(sizeof(unsigned long), 5 * im2->colorsTotal, 0);
 	memset( buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
diff --git a/ext/gd/tests/colorexact.phpt b/ext/gd/tests/colorexact.phpt
new file mode 100644
index 0000000000..e6983b7516
--- /dev/null
+++ b/ext/gd/tests/colorexact.phpt
@@ -0,0 +1,40 @@
+--TEST--
+imagecolorexact
+--SKIPIF--
+<?php
+        if (!function_exists('imagecolorexact')) die("skip gd extension not available\n");
+?>
+--FILE--
+<?php
+
+$im = imagecreatetruecolor(5,5);
+$c = imagecolorexact($im, 255,0,255);
+$c2 = imagecolorexactalpha($im, 255,0,255, 100);
+
+printf("%X\n", $c);
+printf("%X\n", $c2);
+
+imagedestroy($im);
+
+$im = imagecreate(5,5);
+$c = imagecolorallocate($im, 255,0,255);
+$c2 = imagecolorallocate($im, 255,200,0);
+$c3 = imagecolorallocatealpha($im, 255,200,0,100);
+
+echo imagecolorexact($im, 255,0,255) . "\n";
+echo imagecolorexact($im, 255,200,0) . "\n";
+echo imagecolorexactalpha($im, 255,200,0,100) . "\n";
+
+
+// unallocated index
+echo imagecolorexact($im, 12,12,12) . "\n";
+
+imagedestroy($im);
+?>
+--EXPECTF--
+FF00FF
+64FF00FF
+0
+1
+2
+-1
diff --git a/ext/gd/tests/colormatch.phpt b/ext/gd/tests/colormatch.phpt
new file mode 100644
index 0000000000..d940914ea5
--- /dev/null
+++ b/ext/gd/tests/colormatch.phpt
@@ -0,0 +1,21 @@
+--TEST--
+imagecolormatch
+--SKIPIF--
+<?php
+        if (!function_exists('imagecolormatch')) die("skip gd extension not available\n");
+?>
+--FILE--
+<?php
+
+$im = imagecreatetruecolor(5,5);
+$im2 = imagecreate(5,5);
+
+imagecolormatch($im, $im2);
+
+echo "ok\n";
+
+imagedestroy($im);
+?>
+--EXPECTF--
+Fatal error: imagecolormatch(): Image2 must have at least one color in %s on line %d
+