From ca85f5e37e135ade0be998a523d26eacc9c48816 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Wed, 24 Jul 2024 13:08:23 +0200 Subject: [PATCH] Port "gd2: use existing overflow2() rather than ad-hoc version" We port this modification[1] from libgd into our bundled libgd, because the change makes sense, and we want the code bases to stay in sync as close as possible. We also apply a quick fix to the respective test. [1] --- ext/gd/libgd/gd_gd2.c | 2 +- ext/gd/tests/bug73869.phpt | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ext/gd/libgd/gd_gd2.c b/ext/gd/libgd/gd_gd2.c index c41346a517fc8..8e0307e5b120b 100644 --- a/ext/gd/libgd/gd_gd2.c +++ b/ext/gd/libgd/gd_gd2.c @@ -137,7 +137,7 @@ static int _gd2GetHeader(gdIOCtxPtr in, int *sx, int *sy, int *cs, int *vers, in GD2_DBG(gd_error("%d Chunks vertically", *ncy)); if (gd2_compressed(*fmt)) { - if (*ncx <= 0 || *ncy <= 0 || *ncx > INT_MAX / *ncy) { + if (overflow2(*ncx, *ncy)) { GD2_DBG(printf ("Illegal chunk counts: %d * %d\n", *ncx, *ncy)); goto fail1; } diff --git a/ext/gd/tests/bug73869.phpt b/ext/gd/tests/bug73869.phpt index cfa67c50f3517..74b4798551217 100644 --- a/ext/gd/tests/bug73869.phpt +++ b/ext/gd/tests/bug73869.phpt @@ -14,8 +14,10 @@ var_dump(imagecreatefromgd2(__DIR__ . DIRECTORY_SEPARATOR . 'bug73869a.gd2')); var_dump(imagecreatefromgd2(__DIR__ . DIRECTORY_SEPARATOR . 'bug73869b.gd2')); ?> --EXPECTF-- +%A Warning: imagecreatefromgd2(): "%s" is not a valid GD2 file in %s on line %d bool(false) +%A Warning: imagecreatefromgd2(): "%s" is not a valid GD2 file in %s on line %d bool(false)