From: Christoph M. Becker <cmb@php.net>
Date: Thu, 23 Jul 2015 16:40:54 +0000 (+0200)
Subject: Merge branch 'PHP-5.6'
X-Git-Tag: php-7.0.0beta3~5^2~99^2~3
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=de3f60d5362629de810d640400aba0d4e37de1f0;p=php

Merge branch 'PHP-5.6'

* PHP-5.6:
  Fix #70052: getimagesize() fails for very large and very small WBMP

Conflicts:
	ext/standard/image.c
---

de3f60d5362629de810d640400aba0d4e37de1f0
diff --cc ext/standard/image.c
index edb0d50ea3,a240493677..378423917e
--- a/ext/standard/image.c
+++ b/ext/standard/image.c
@@@ -969,8 -969,12 +969,12 @@@ static int php_get_wbmp(php_stream *str
  			return 0;
  		}
  		width = (width << 7) | (i & 0x7f);
+         /* maximum valid width for wbmp (although 127 may be a more accurate one) */
+         if (width > 2048) {
+             return 0;
+         }
  	} while (i & 0x80);
 -	
 +
  	/* get height */
  	do {
  		i = php_stream_getc(stream);
@@@ -978,13 -982,16 +982,16 @@@
  			return 0;
  		}
  		height = (height << 7) | (i & 0x7f);
+         /* maximum valid heigth for wbmp (although 127 may be a more accurate one) */
+         if (height > 2048) {
+             return 0;
+         }
  	} while (i & 0x80);
  
- 	/* maximum valid sizes for wbmp (although 127x127 may be a more accurate one) */
- 	if (!height || !width || height > 2048 || width > 2048) {
+ 	if (!height || !width) {
  		return 0;
  	}
 -	
 +
  	if (!check) {
  		(*result)->width = width;
  		(*result)->height = height;
@@@ -1220,9 -1227,10 +1227,10 @@@ PHP_FUNCTION(image_type_to_extension
  
  /* {{{ php_imagetype
     detect filetype from first bytes */
 -PHPAPI int php_getimagetype(php_stream * stream, char *filetype TSRMLS_DC)
 +PHPAPI int php_getimagetype(php_stream * stream, char *filetype)
  {
  	char tmp[12];
+     int twelve_bytes_read;
  
  	if ( !filetype) filetype = tmp;
  	if((php_stream_read(stream, filetype, 3)) != 3) {
@@@ -1283,10 -1290,14 +1290,14 @@@
  	}
  
  /* AFTER ALL ABOVE FAILED */
 -	if (php_get_wbmp(stream, NULL, 1 TSRMLS_CC)) {
 +	if (php_get_wbmp(stream, NULL, 1)) {
  		return IMAGE_FILETYPE_WBMP;
  	}
+     if (!twelve_bytes_read) {
 -		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Read error!");
++		php_error_docref(NULL, E_NOTICE, "Read error!");
+ 		return IMAGE_FILETYPE_UNKNOWN;
+     }
 -	if (php_get_xbm(stream, NULL TSRMLS_CC)) {
 +	if (php_get_xbm(stream, NULL)) {
  		return IMAGE_FILETYPE_XBM;
  	}
  	return IMAGE_FILETYPE_UNKNOWN;