Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fixed bug #72227: imagescale out-of-bounds read
  • Loading branch information
smalyshev committed May 23, 2016
1 parent 97eff7e commit 7a1aac3
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 3 deletions.
6 changes: 3 additions & 3 deletions ext/gd/libgd/gd_interpolation.c
Expand Up @@ -934,9 +934,6 @@ static inline LineContribType *_gdContributionsCalc(unsigned int line_size, unsi
double dTotalWeight = 0.0;
int iSrc;

res->ContribRow[u].Left = iLeft;
res->ContribRow[u].Right = iRight;

/* Cut edge points to fit in filter window in case of spill-off */
if (iRight - iLeft + 1 > windows_size) {
if (iLeft < ((int)src_size - 1 / 2)) {
Expand All @@ -946,6 +943,9 @@ static inline LineContribType *_gdContributionsCalc(unsigned int line_size, unsi
}
}

res->ContribRow[u].Left = iLeft;
res->ContribRow[u].Right = iRight;

for (iSrc = iLeft; iSrc <= iRight; iSrc++) {
dTotalWeight += (res->ContribRow[u].Weights[iSrc-iLeft] = scale_f_d * (*pFilter)(scale_f_d * (dCenter - (double)iSrc)));
}
Expand Down
15 changes: 15 additions & 0 deletions ext/gd/tests/bug72227.phpt
@@ -0,0 +1,15 @@
--TEST--
Bug #72227: imagescale out-of-bounds read
--SKIPIF--
<?php
if (!extension_loaded('gd')) die("skip gd extension not available\n");
?>
--FILE--
<?php

$img = imagecreatetruecolor ( 100, 100);
imagescale($img, 13, 1, IMG_BICUBIC);
?>
DONE
--EXPECT--
DONE

0 comments on commit 7a1aac3

Please sign in to comment.