Extend color component range checks

We also check for alpha components to be within range, and we add yet missing range checks for other functions as well.
php · Aug 11, 2019 · 092571c · 092571c
1 parent 4ebf527
commit 092571c
Showing 1 changed file with 45 additions and 8 deletions.
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
@@ -1836,8 +1836,8 @@ PHP_FUNCTION(imagelayereffect)
 }
 /* }}} */
 
-#define CHECK_RGB_RANGE(component, name) \
-	if (component < 0 || component > 255) { \
+#define CHECK_RGBA_RANGE(component, name) \
+	if (component < 0 || component > gd##name##Max) { \
 		php_error_docref(NULL, E_WARNING, #name " component is out of range"); \
 		RETURN_FALSE; \
 	}
@@ -1859,9 +1859,10 @@ PHP_FUNCTION(imagecolorallocatealpha)
 		RETURN_FALSE;
 	}
 
-	CHECK_RGB_RANGE(red, Red);
-	CHECK_RGB_RANGE(green, Green);
-	CHECK_RGB_RANGE(blue, Blue);
+	CHECK_RGBA_RANGE(red, Red);
+	CHECK_RGBA_RANGE(green, Green);
+	CHECK_RGBA_RANGE(blue, Blue);
+	CHECK_RGBA_RANGE(alpha, Alpha);
 
 	ct = gdImageColorAllocateAlpha(im, red, green, blue, alpha);
 	if (ct < 0) {
@@ -1887,6 +1888,11 @@ PHP_FUNCTION(imagecolorresolvealpha)
 		RETURN_FALSE;
 	}
 
+	CHECK_RGBA_RANGE(red, Red);
+	CHECK_RGBA_RANGE(green, Green);
+	CHECK_RGBA_RANGE(blue, Blue);
+	CHECK_RGBA_RANGE(alpha, Alpha);
+
 	RETURN_LONG(gdImageColorResolveAlpha(im, red, green, blue, alpha));
 }
 /* }}} */
@@ -1907,6 +1913,11 @@ PHP_FUNCTION(imagecolorclosestalpha)
 		RETURN_FALSE;
 	}
 
+	CHECK_RGBA_RANGE(red, Red);
+	CHECK_RGBA_RANGE(green, Green);
+	CHECK_RGBA_RANGE(blue, Blue);
+	CHECK_RGBA_RANGE(alpha, Alpha);
+
 	RETURN_LONG(gdImageColorClosestAlpha(im, red, green, blue, alpha));
 }
 /* }}} */
@@ -1927,6 +1938,11 @@ PHP_FUNCTION(imagecolorexactalpha)
 		RETURN_FALSE;
 	}
 
+	CHECK_RGBA_RANGE(red, Red);
+	CHECK_RGBA_RANGE(green, Green);
+	CHECK_RGBA_RANGE(blue, Blue);
+	CHECK_RGBA_RANGE(alpha, Alpha);
+
 	RETURN_LONG(gdImageColorExactAlpha(im, red, green, blue, alpha));
 }
 /* }}} */
@@ -2868,9 +2884,9 @@ PHP_FUNCTION(imagecolorallocate)
 		RETURN_FALSE;
 	}
 
-	CHECK_RGB_RANGE(red, Red);
-	CHECK_RGB_RANGE(green, Green);
-	CHECK_RGB_RANGE(blue, Blue);
+	CHECK_RGBA_RANGE(red, Red);
+	CHECK_RGBA_RANGE(green, Green);
+	CHECK_RGBA_RANGE(blue, Blue);
 
 	ct = gdImageColorAllocate(im, red, green, blue);
 	if (ct < 0) {
@@ -2955,6 +2971,10 @@ PHP_FUNCTION(imagecolorclosest)
 		RETURN_FALSE;
 	}
 
+	CHECK_RGBA_RANGE(red, Red);
+	CHECK_RGBA_RANGE(green, Green);
+	CHECK_RGBA_RANGE(blue, Blue);
+
 	RETURN_LONG(gdImageColorClosest(im, red, green, blue));
 }
 /* }}} */
@@ -2975,6 +2995,10 @@ PHP_FUNCTION(imagecolorclosesthwb)
 		RETURN_FALSE;
 	}
 
+	CHECK_RGBA_RANGE(red, Red);
+	CHECK_RGBA_RANGE(green, Green);
+	CHECK_RGBA_RANGE(blue, Blue);
+
 	RETURN_LONG(gdImageColorClosestHWB(im, red, green, blue));
 }
 /* }}} */
@@ -3029,6 +3053,10 @@ PHP_FUNCTION(imagecolorresolve)
 		RETURN_FALSE;
 	}
 
+	CHECK_RGBA_RANGE(red, Red);
+	CHECK_RGBA_RANGE(green, Green);
+	CHECK_RGBA_RANGE(blue, Blue);
+
 	RETURN_LONG(gdImageColorResolve(im, red, green, blue));
 }
 /* }}} */
@@ -3049,6 +3077,10 @@ PHP_FUNCTION(imagecolorexact)
 		RETURN_FALSE;
 	}
 
+	CHECK_RGBA_RANGE(red, Red);
+	CHECK_RGBA_RANGE(green, Green);
+	CHECK_RGBA_RANGE(blue, Blue);
+
 	RETURN_LONG(gdImageColorExact(im, red, green, blue));
 }
 /* }}} */
@@ -3070,6 +3102,11 @@ PHP_FUNCTION(imagecolorset)
 		RETURN_FALSE;
 	}
 
+	CHECK_RGBA_RANGE(red, Red);
+	CHECK_RGBA_RANGE(green, Green);
+	CHECK_RGBA_RANGE(blue, Blue);
+	CHECK_RGBA_RANGE(alpha, Alpha);
+
 	col = color;
 
 	if (col >= 0 && col < gdImageColorsTotal(im)) {