From: Christoph M. Becker Date: Sun, 21 Aug 2016 17:39:58 +0000 (+0200) Subject: Fix #68716: possible resource leaks in _php_image_convert() X-Git-Tag: php-5.6.26RC1~18 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6a232c3604f6c00f6c09cc3782dd1b36b30d23d4;p=php Fix #68716: possible resource leaks in _php_image_convert() We properly clean up after ourselves wrt. to closing opened file pointers and created images. --- diff --git a/NEWS b/NEWS index fb5a07cfbe..a2b3aadfaa 100644 --- a/NEWS +++ b/NEWS @@ -18,6 +18,7 @@ PHP NEWS images). (cmb) . Fixed bug #72913 (imagecopy() loses single-color transparency on palette images). (cmb) + . Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb) - JSON: . Fixed bug #72787 (json_decode reads out of bounds). (Jakub Zelenka) diff --git a/ext/gd/gd.c b/ext/gd/gd.c index 0fb9604108..afd3765f15 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -4530,6 +4530,7 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type ) dest = VCWD_FOPEN(fn_dest, "wb"); if (!dest) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open '%s' for writing", fn_dest); + fclose(org); RETURN_FALSE; } @@ -4538,6 +4539,8 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type ) im_org = gdImageCreateFromGif(org); if (im_org == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open '%s' Not a valid GIF file", fn_dest); + fclose(org); + fclose(dest); RETURN_FALSE; } break; @@ -4548,6 +4551,8 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type ) im_org = gdImageCreateFromJpegEx(org, ignore_warning); if (im_org == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open '%s' Not a valid JPEG file", fn_dest); + fclose(org); + fclose(dest); RETURN_FALSE; } break; @@ -4558,6 +4563,8 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type ) im_org = gdImageCreateFromPng(org); if (im_org == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open '%s' Not a valid PNG file", fn_dest); + fclose(org); + fclose(dest); RETURN_FALSE; } break; @@ -4565,10 +4572,14 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type ) default: php_error_docref(NULL TSRMLS_CC, E_WARNING, "Format not supported"); + fclose(org); + fclose(dest); RETURN_FALSE; break; } + fclose(org); + org_width = gdImageSX (im_org); org_height = gdImageSY (im_org); @@ -4599,6 +4610,8 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type ) im_tmp = gdImageCreate (dest_width, dest_height); if (im_tmp == NULL ) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to allocate temporary buffer"); + fclose(dest); + gdImageDestroy(im_org); RETURN_FALSE; } @@ -4606,23 +4619,29 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type ) gdImageDestroy(im_org); - fclose(org); - im_dest = gdImageCreate(dest_width, dest_height); if (im_dest == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to allocate destination buffer"); + fclose(dest); + gdImageDestroy(im_tmp); RETURN_FALSE; } white = gdImageColorAllocate(im_dest, 255, 255, 255); if (white == -1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to allocate the colors for the destination buffer"); + fclose(dest); + gdImageDestroy(im_tmp); + gdImageDestroy(im_dest); RETURN_FALSE; } black = gdImageColorAllocate(im_dest, 0, 0, 0); if (black == -1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to allocate the colors for the destination buffer"); + fclose(dest); + gdImageDestroy(im_tmp); + gdImageDestroy(im_dest); RETURN_FALSE; }