From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 30 Jul 2004 01:10:41 +0000 (+0000)
Subject: Fixed bug #29443 (Sanity check for wbmp detection).
X-Git-Tag: PRE_ZEND_VM_DISPATCH_PATCH~307
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=972940509f2c43adeb1723fd17584d3e992997ae;p=php

Fixed bug #29443 (Sanity check for wbmp detection).
---

diff --git a/ext/standard/image.c b/ext/standard/image.c
index c2c3c7ab86..329cd92bd6 100644
--- a/ext/standard/image.c
+++ b/ext/standard/image.c
@@ -955,6 +955,11 @@ static int php_get_wbmp(php_stream *stream, struct gfxinfo **result, int check T
 		}
 		height = (height << 7) | (i & 0x7f);
 	} while (i & 0x80);
+
+	/* maximum valid sizes for wbmp (although 127x127 may be a more accurate one) */
+	if (height > 2048 || width > 2048) {
+		return 0;
+	}
 	
 	if (!check) {
 		(*result)->width = width;