Skip to content

Commit 1bd103d

Browse files
committed
Fix bug #72730 - imagegammacorrect allows arbitrary write access
1 parent a3598dd commit 1bd103d

File tree

2 files changed

+20
-0
lines changed

2 files changed

+20
-0
lines changed

Diff for: ext/gd/gd.c

+5
Original file line numberDiff line numberDiff line change
@@ -3082,6 +3082,11 @@ PHP_FUNCTION(imagegammacorrect)
30823082
return;
30833083
}
30843084

3085+
if ( input <= 0.0 || output <= 0.0 ) {
3086+
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Gamma values should be positive");
3087+
RETURN_FALSE;
3088+
}
3089+
30853090
ZEND_FETCH_RESOURCE(im, gdImagePtr, &IM, -1, "Image", le_gd);
30863091

30873092
if (gdImageTrueColor(im)) {

Diff for: ext/gd/tests/bug72730.phpt

+15
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
--TEST--
2+
Bug #72730: imagegammacorrect allows arbitrary write access
3+
--SKIPIF--
4+
<?php
5+
if (!function_exists("imagecreatetruecolor")) die("skip");
6+
?>
7+
--FILE--
8+
<?php
9+
$img = imagecreatetruecolor(1, 1);
10+
imagegammacorrect($img, -1, 1337);
11+
?>
12+
DONE
13+
--EXPECTF--
14+
Warning: imagegammacorrect(): Gamma values should be positive in %sbug72730.php on line %d
15+
DONE

0 commit comments

Comments
 (0)