File php-CVE-2016-7126.patch of Package php7.3472

Overview Repositories Revisions Requests Users Attributes Meta

File php-CVE-2016-7126.patch of Package php7.3472

m b6f13a5ef9d6280cf984826a5de012a32c396cd4 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Wed, 10 Aug 2016 00:00:14 -0700
Subject: [PATCH] Fix bug#72697 - select_colors write out-of-bounds

---
 ext/gd/gd.c                | 16 ++++++++--------
 ext/gd/tests/bug72697.phpt | 17 +++++++++++++++++
 2 files changed, 25 insertions(+), 8 deletions(-)
 create mode 100644 ext/gd/tests/bug72697.phpt

Index: php-7.0.7/ext/gd/gd.c
===================================================================
--- php-7.0.7.orig/ext/gd/gd.c	2016-09-07 11:35:08.429178734 +0200
+++ php-7.0.7/ext/gd/gd.c	2016-09-07 11:37:35.327680268 +0200
@@ -1514,11 +1514,11 @@ PHP_FUNCTION(imagetruecolortopalette)
 		RETURN_FALSE;
 	}
 
-	if (ncolors <= 0) {
-		php_error_docref(NULL, E_WARNING, "Number of colors has to be greater than zero");
+	if (ncolors <= 0 || ncolors > INT_MAX) {
+		php_error_docref(NULL, E_WARNING, "Number of colors has to be greater than zero and no more than %d", INT_MAX);
 		RETURN_FALSE;
 	}
-	gdImageTrueColorToPalette(im, dither, ncolors);
+	gdImageTrueColorToPalette(im, dither, (int)ncolors);
 
 	RETURN_TRUE;
 }

Places

File php-CVE-2016-7126.patch of Package php7.3472

Places