From 436a7a9767748a95292a72a758c0a6e2c86206e5 Mon Sep 17 00:00:00 2001
From: Mattias Bengtsson <mattias@php.net>
Date: Thu, 9 Aug 2007 12:08:29 +0000
Subject: [PATCH] - libgd #94, imagecreatefromxbm can crash if gdImageCreate
 fails

---
 ext/gd/libgd/xbm.c           |  4 +++-
 ext/gd/tests/libgd00094.phpt | 19 +++++++++++++++++++
 ext/gd/tests/libgd00094.xbm  |  3 +++
 3 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 ext/gd/tests/libgd00094.phpt
 create mode 100644 ext/gd/tests/libgd00094.xbm

diff --git a/ext/gd/libgd/xbm.c b/ext/gd/libgd/xbm.c
index 7a0ca8c40c..53a0d63679 100644
--- a/ext/gd/libgd/xbm.c
+++ b/ext/gd/libgd/xbm.c
@@ -96,7 +96,9 @@ gdImagePtr gdImageCreateFromXbm(FILE * fd)
 		return 0;
 	}
 
-	im = gdImageCreate(width, height);
+	if(!(im = gdImageCreate(width, height))) {
+		return 0;
+	}
 	gdImageColorAllocate(im, 255, 255, 255);
 	gdImageColorAllocate(im, 0, 0, 0);
 	h[2] = '\0';
diff --git a/ext/gd/tests/libgd00094.phpt b/ext/gd/tests/libgd00094.phpt
new file mode 100644
index 0000000000..d1d68eab04
--- /dev/null
+++ b/ext/gd/tests/libgd00094.phpt
@@ -0,0 +1,19 @@
+--TEST--
+libgd #94 (imagecreatefromxbm can crash if gdImageCreate fails)
+--SKIPIF--
+<?php
+	if (!extension_loaded('gd')) die("skip gd extension not available\n");
+	if (!GD_BUNDLED) die("skip requires bundled GD library\n");
+?>
+--FILE--
+<?php
+$im = imagecreatefromxbm(dirname(__FILE__) . '/libgd00094.xbm');
+var_dump($im);
+?>
+--EXPECTF--
+Warning: imagecreatefromxbm(): gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
+ in %slibgd00094.php on line %d
+
+Warning: imagecreatefromxbm(): '%slibgd00094.xbm' is not a valid XBM file in %slibgd00094.php on line %d
+bool(false)
+
diff --git a/ext/gd/tests/libgd00094.xbm b/ext/gd/tests/libgd00094.xbm
new file mode 100644
index 0000000000..4d0f5bdd87
--- /dev/null
+++ b/ext/gd/tests/libgd00094.xbm
@@ -0,0 +1,3 @@
+#define width 255
+#define height 1073741824
+static unsigned char bla = {
-- 
2.40.0