Skip to content

Commit 7a1aac3

Browse files
committed
Fixed bug #72227: imagescale out-of-bounds read
Ported from libgd/libgd@4f65a3e
1 parent 97eff7e commit 7a1aac3

File tree

2 files changed

+18
-3
lines changed

2 files changed

+18
-3
lines changed

Diff for: ext/gd/libgd/gd_interpolation.c

+3-3
Original file line numberDiff line numberDiff line change
@@ -934,9 +934,6 @@ static inline LineContribType *_gdContributionsCalc(unsigned int line_size, unsi
934934
double dTotalWeight = 0.0;
935935
int iSrc;
936936

937-
res->ContribRow[u].Left = iLeft;
938-
res->ContribRow[u].Right = iRight;
939-
940937
/* Cut edge points to fit in filter window in case of spill-off */
941938
if (iRight - iLeft + 1 > windows_size) {
942939
if (iLeft < ((int)src_size - 1 / 2)) {
@@ -946,6 +943,9 @@ static inline LineContribType *_gdContributionsCalc(unsigned int line_size, unsi
946943
}
947944
}
948945

946+
res->ContribRow[u].Left = iLeft;
947+
res->ContribRow[u].Right = iRight;
948+
949949
for (iSrc = iLeft; iSrc <= iRight; iSrc++) {
950950
dTotalWeight += (res->ContribRow[u].Weights[iSrc-iLeft] = scale_f_d * (*pFilter)(scale_f_d * (dCenter - (double)iSrc)));
951951
}

Diff for: ext/gd/tests/bug72227.phpt

+15
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
--TEST--
2+
Bug #72227: imagescale out-of-bounds read
3+
--SKIPIF--
4+
<?php
5+
if (!extension_loaded('gd')) die("skip gd extension not available\n");
6+
?>
7+
--FILE--
8+
<?php
9+
10+
$img = imagecreatetruecolor ( 100, 100);
11+
imagescale($img, 13, 1, IMG_BICUBIC);
12+
?>
13+
DONE
14+
--EXPECT--
15+
DONE

0 commit comments

Comments
 (0)