
[security] [CVE-2018-5711] Sec Bug #75571: Potential infinite loop in…

… gdImageCreateFromGifCtx

CVE-2018-5711
paulbiss authored and fredemmott committed May 2, 2018
1 parent 5d0afa0 commit 2e4b6edb6a4eada13ccc5d5f024df300017982ca
@@ -258,10 +258,6 @@ gdImagePtr gdImageCreateFromGifCtx(gdIOCtxPtr fd) /* {{{ */
if (!im) {
return 0;
}
if (!im->colorsTotal) {
gdImageDestroy(im);
return 0;
}
/* Check for open colors at the end, so
we can reduce colorsTotal and ultimately
BitsPerPixel */
@@ -272,6 +268,10 @@ gdImagePtr gdImageCreateFromGifCtx(gdIOCtxPtr fd) /* {{{ */
break;
}
}
if (!im->colorsTotal) {
gdImageDestroy(im);
return 0;
}
return im;
}
/* }}} */
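Review bot: The relocated `if (!im->colorsTotal)` check near the end of gdImageCreateFromGifCtx has no comment saying why it must sit after the open-colour trim, so a later cleanup could move it back up and reopen the gap. Going by the existing comment in the previous hunk, the loop can lower colorsTotal, presumably all the way to zero, and only a check placed after it sees the final value. I would add `/* The trim above may leave colorsTotal at 0; reject such images here, after the loop. */` directly above the check. The loop starts outside this hunk, so the claim that it can reach zero should be confirmed against the full function.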
@@ -372,7 +372,7 @@ static int
GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
{
int i, j, ret;
unsigned char count;
int count;
if (flag) {
scd->curbit = 0;
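Review bot: The `count` declaration in GetCode_ needs a comment explaining why it must be a signed `int`, because `unsigned char` looks like the natural type for a GIF block length and is easy to reintroduce. The page prints both declarations without markers; I am reading `int count;` as the new side, which fits the commit title. If the value assigned to count further down can be a negative error indicator (the assignment is outside this hunk), an unsigned type would hide it from any `<= 0` test and the decode loop would never terminate. Suggested: `int count; /* signed: must be able to hold a negative error return, do not narrow */`. It is also worth confirming that a negative count cannot reach the buffer-offset arithmetic later in the function, which is not visible here.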
No changes.
@@ -0,0 +1,3 @@
<?php
var_dump(imagecreatefromgif(__DIR__ . '/bug75571.gif'));
?>
@@ -0,0 +1,3 @@
Warning: '%s' is not a valid GIF file in %s on line %d
bool(false)
@@ -0,0 +1,3 @@
<?php
if (!function_exists('imagetypes')) die("skip gd extension not available\n");
?>
