From f5a76943054bd69e6e64042cc084d1aacfa7f21c Mon Sep 17 00:00:00 2001
From: Pierre Joye
Date: Sun, 25 Dec 2005 19:39:53 +0000
Subject: [PATCH] - MFH: fix segfault/leak in imagecolormatch - MFH: test for imagecolormatch
---
 ext/gd/gd.c | 4 ++++
 ext/gd/libgd/gd_topal.c | 3 +++
 ext/gd/tests/colormatch.phpt | 21 +++++++++++++++++++++
 3 files changed, 28 insertions(+)
 create mode 100644 ext/gd/tests/colormatch.phpt
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index 5fe9ecdfcc..0908f608e4 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -930,6 +930,10 @@ PHP_FUNCTION(imagecolormatch)
 php_error_docref(NULL TSRMLS_CC, E_ERROR, "Image1 and Image2 must be the same size" );
 RETURN_FALSE;
 break;
+ case -4:
+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Image2 must have at least one color" );
+ RETURN_FALSE;
+ break;
 }
 RETURN_TRUE;
diff --git a/ext/gd/libgd/gd_topal.c b/ext/gd/libgd/gd_topal.c
index 15eed3e11e..2d7db8c73f 100644
--- a/ext/gd/libgd/gd_topal.c
+++ b/ext/gd/libgd/gd_topal.c
@@ -2086,6 +2086,9 @@ int gdImageColorMatch (gdImagePtr im1, gdImagePtr im2)
 if( (im1->sx != im2->sx) || (im1->sy != im2->sy) ) {
 return -3; /* the images are meant to be the same dimensions */
 }
+ if (im2->colorsTotal<1) {
+ return -4; /* At least 1 color must be allocated */
+ }
 buf = (unsigned long *)safe_emalloc(sizeof(unsigned long), 5 * im2->colorsTotal, 0);
 memset( buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
diff --git a/ext/gd/tests/colormatch.phpt b/ext/gd/tests/colormatch.phpt
new file mode 100644
index 0000000000..d940914ea5
--- /dev/null
+++ b/ext/gd/tests/colormatch.phpt
@@ -0,0 +1,21 @@
+--TEST--
+imagecolormatch
+--SKIPIF--
+
+--FILE--
+
+--EXPECTF--
+Fatal error: imagecolormatch(): Image2 must have at least one color in %s on line %d
+
--
2.50.1
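Review bot: The new `case -4:` in ext/gd/gd.c reports the problem at `E_ERROR`, which is fatal, so the `RETURN_FALSE; break;` that follows it never runs and a script cannot recover from passing an image with an empty palette. It mirrors the `-3` case above it, but for an argument-validation failure `php_error_docref(NULL TSRMLS_CC, E_WARNING, "Image2 must have at least one color");` followed by `RETURN_FALSE;` would let the caller handle a false return (the EXPECTF line in the new test would change with it). The switch opens outside this hunk, so whether it has a `default:` is not visible here; without one, any other non-zero return code would fall through to `RETURN_TRUE`.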
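Review bot: The added `colorsTotal<1` guard in gd_topal.c stops the zero-length allocation, but `buf` is still sized from `im2->colorsTotal` on the next line and nothing visible here bounds the indices later used against it. If the loop further down (outside this hunk) indexes `buf` with pixel values read from `im2`, a pixel whose palette index is at or above `colorsTotal` would access memory past the allocation. Sizing the buffer by the fixed palette maximum, `safe_emalloc(sizeof(unsigned long), 5 * gdMaxColors, 0)` with the matching `memset`, or range-checking the index before each use would close that. The body of gdImageColorMatch starts and ends outside the hunk, so this needs confirming against the loop itself.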