Permalink
Browse files

[Security] Fix PHP 74435 - Buffer over-read into uninitialized memory

  • Loading branch information...
fredemmott committed Dec 20, 2017
1 parent 31c7a81 commit 54aeb01fb1c9d63504b3c97bcfd33a45c28f2c3f
@@ -146,6 +146,9 @@ gdImagePtr gdImageCreateFromGifCtx(gdIOCtxPtr fd) /* {{{ */
int haveGlobalColormap;
gdImagePtr im = 0;
memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE);
memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE);
/*1.4//imageNumber = 1; */
if (! ReadOK(fd,buf,6)) {
return 0;
@@ -0,0 +1,16 @@
<?php
$im = imagecreatefromgif(__DIR__ . DIRECTORY_SEPARATOR . 'bug74435.gif');
var_dump($im);
$width = imagesx($im);
$height = imagesy($im);
for ($i = 0; $i < $width; $i += 16) {
for ($j = 0; $j < $height; $j += 16) {
if (($index = imagecolorat($im, $i, $j)) >= 2) {
list($red, $green, $blue, $alpha) = array_values(imagecolorsforindex($im, $index));
if ($red !== 0 || $green !== 0 || $blue !== 0 || $alpha !== 0) {
echo "unexpected color at ($i, $j)\n";
}
}
}
}
?>
@@ -0,0 +1,2 @@
resource(%d) of type (gd)
@@ -0,0 +1,3 @@
<?php
if (!extension_loaded('gd')) die('skip gd extension not available');
?>

0 comments on commit 54aeb01

Please sign in to comment.