Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
php5.7720
php-CVE-2016-7126.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2016-7126.patch of Package php5.7720
m b6f13a5ef9d6280cf984826a5de012a32c396cd4 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev <stas@php.net> Date: Wed, 10 Aug 2016 00:00:14 -0700 Subject: [PATCH] Fix bug#72697 - select_colors write out-of-bounds --- ext/gd/gd.c | 16 ++++++++-------- ext/gd/tests/bug72697.phpt | 17 +++++++++++++++++ 2 files changed, 25 insertions(+), 8 deletions(-) create mode 100644 ext/gd/tests/bug72697.phpt diff --git a/ext/gd/gd.c b/ext/gd/gd.c index 533dc50..cdfbaa2 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -1651,11 +1651,11 @@ PHP_FUNCTION(imagetruecolortopalette) ZEND_FETCH_RESOURCE(im, gdImagePtr, &IM, -1, "Image", le_gd); - if (ncolors <= 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Number of colors has to be greater than zero"); + if (ncolors <= 0 || ncolors > INT_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Number of colors has to be greater than zero and no more than %d", INT_MAX); RETURN_FALSE; } - gdImageTrueColorToPalette(im, dither, ncolors); + gdImageTrueColorToPalette(im, dither, (int)ncolors); RETURN_TRUE; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor