imagecolorallocate(): Check that RGB components are in-range

nikic · nikic · commit 4488475a3e3b · 2019-06-20T10:09:54.000+02:00
Instead of letting them bleed over into other components.
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
@@ -1817,6 +1817,12 @@ PHP_FUNCTION(imagelayereffect)
 }
 /* }}} */
 
+#define CHECK_RGB_RANGE(component, name) \
+	if (component < 0 || component > 255) { \
+		php_error_docref(NULL, E_WARNING, #name " component is out of range"); \
+		RETURN_FALSE; \
+	}
+
 /* {{{ proto int imagecolorallocatealpha(resource im, int red, int green, int blue, int alpha)
    Allocate a color with an alpha level.  Works for true color and palette based images */
 PHP_FUNCTION(imagecolorallocatealpha)
@@ -1834,6 +1840,10 @@ PHP_FUNCTION(imagecolorallocatealpha)
 		RETURN_FALSE;
 	}
 
+	CHECK_RGB_RANGE(red, Red);
+	CHECK_RGB_RANGE(green, Green);
+	CHECK_RGB_RANGE(blue, Blue);
+
 	ct = gdImageColorAllocateAlpha(im, red, green, blue, alpha);
 	if (ct < 0) {
 		RETURN_FALSE;
@@ -2809,7 +2819,6 @@ PHP_FUNCTION(imagedestroy)
 }
 /* }}} */
 
-
 /* {{{ proto int imagecolorallocate(resource im, int red, int green, int blue)
    Allocate a color for an image */
 PHP_FUNCTION(imagecolorallocate)
@@ -2827,6 +2836,10 @@ PHP_FUNCTION(imagecolorallocate)
 		RETURN_FALSE;
 	}
 
+	CHECK_RGB_RANGE(red, Red);
+	CHECK_RGB_RANGE(green, Green);
+	CHECK_RGB_RANGE(blue, Blue);
+
 	ct = gdImageColorAllocate(im, red, green, blue);
 	if (ct < 0) {
 		RETURN_FALSE;
diff --git a/ext/gd/tests/imagecolorallocate_variation5.phpt b/ext/gd/tests/imagecolorallocate_variation5.phpt
@@ -45,7 +45,7 @@ foreach($values as $key => $value) {
 };
 ?>
 ===DONE===
---EXPECT--
+--EXPECTF--
 *** Testing imagecolorallocate() : usage variations ***
 
 --Octal 000--
@@ -59,9 +59,15 @@ int(657930)
 int(657930)
 
 --Octal -012--
+
+Warning: imagecolorallocate(): Red component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Green component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Blue component is out of range in %s on line %d
 bool(false)
-int(652810)
-int(657910)
 
 --Octal 0377--
 int(16714250)
@@ -79,9 +85,15 @@ int(657930)
 int(657930)
 
 --Hexa-decimal -0xA--
+
+Warning: imagecolorallocate(): Red component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Green component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Blue component is out of range in %s on line %d
 bool(false)
-int(652810)
-int(657910)
 
 --Hexa-decimal 0xFF--
 int(16714250)
diff --git a/ext/gd/tests/imagecolorallocate_variation6.phpt b/ext/gd/tests/imagecolorallocate_variation6.phpt
@@ -34,23 +34,75 @@ foreach($values as $key => $value) {
       //Need to be created every time to get expected return value
       $im_palette = imagecreate(200, 200);
       $im_true_color = imagecreatetruecolor(200, 200);
-      var_dump( imagecolorallocate($im_palette, $value, $value, $value) );
-      var_dump( imagecolorallocate($im_true_color, $value, $value, $value) );
+      var_dump( imagecolorallocate($im_palette, $value, 0, 0) );
+      var_dump( imagecolorallocate($im_true_color, $value, 0, 0) );
+      var_dump( imagecolorallocate($im_palette, 0, $value, 0) );
+      var_dump( imagecolorallocate($im_true_color, 0, $value, 0) );
+      var_dump( imagecolorallocate($im_palette, 0, 0, $value) );
+      var_dump( imagecolorallocate($im_true_color, 0, 0, $value) );
 };
 ?>
 ===DONE===
---EXPECT--
+--EXPECTF--
 *** Testing imagecolorallocate() : usage variations ***
 
 --Decimal 256--
-int(0)
-int(16843008)
+
+Warning: imagecolorallocate(): Red component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Red component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Green component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Green component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Blue component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Blue component is out of range in %s on line %d
+bool(false)
 
 --Octal 0400--
-int(0)
-int(16843008)
+
+Warning: imagecolorallocate(): Red component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Red component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Green component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Green component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Blue component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Blue component is out of range in %s on line %d
+bool(false)
 
 --Hexa-decimal 0x100--
-int(0)
-int(16843008)
+
+Warning: imagecolorallocate(): Red component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Red component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Green component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Green component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Blue component is out of range in %s on line %d
+bool(false)
+
+Warning: imagecolorallocate(): Blue component is out of range in %s on line %d
+bool(false)
 ===DONE===
