gdCtxPrintf vsnprintf return value not checked - leaks stack memory #211
See reproduction test case: the length comes from the failed vsnprintf attempt to copy more than 8000 chars on a 4096 buffer. For vsnprintf, "a return value of size or more means that the output was truncated"; however, libgd returns this length as is and PHP prints more information from memory than it should.
Libgd isn't checking the vsnprintf return value and PHP 5.5 will print the length specified, leaking memory data.
This was reported to PHP
Compile PHP 5.5 with ASAN.
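The unchecked-return pattern described in this issue, next to a checked form, as an added example that is not libgd's or PHP's code. The names `emit_unchecked`, `emit_checked` and `sink_put` are hypothetical, and the sink only records the length it is handed, so nothing is read past the buffer.

```c
#include <stdarg.h>
#include <stdio.h>

#define BUF_SIZE 4096 /* buffer size quoted in the issue */

/* Hypothetical output callback: records the requested length only,
 * so this demo never actually reads past the buffer. */
static size_t sink_len;
static void sink_put(const char *buf, size_t len) { (void)buf; sink_len = len; }

/* Pattern described in the issue: the return value is trusted as-is. */
static size_t emit_unchecked(const char *fmt, ...)
{
    char buf[BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    sink_put(buf, (size_t)len); /* len can exceed sizeof buf */
    return sink_len;
}

/* Checked form: drop on error, clamp to what was really written. */
static size_t emit_checked(const char *fmt, ...)
{
    char buf[BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (len < 0)
        return 0; /* output error: emit nothing */
    if ((size_t)len >= sizeof buf)
        len = (int)sizeof buf - 1; /* truncated: NUL is not counted */
    sink_put(buf, (size_t)len);
    return sink_len;
}

int main(void)
{
    /* Constructed input: "%8000d" expands to 8000 characters. */
    printf("unchecked length: %zu\n", emit_unchecked("%8000d", 1));
    printf("checked length:   %zu\n", emit_checked("%8000d", 1));
    return 0;
}
```

With a real output callback, the unchecked length would make the writer copy bytes that lie beyond `buf` on the stack, which is the leak the report describes.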