blob: 83668001a7993809ad957f82016aa19cdc728ad9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
From 1ccfe21e14c4d18336f9da8515cd17db88c3de61 Mon Sep 17 00:00:00 2001
From: Pierre Joye <pierre.php@gmail.com>
Date: Mon, 27 Jun 2016 11:17:39 +0700
Subject: [PATCH 1/5] fix php 72494, invalid color index not handled, can lead
to crash
--- libgd2.orig/src/gd_crop.c
+++ libgd2/src/gd_crop.c
@@ -136,6 +136,10 @@ BGD_DECLARE(gdImagePtr) gdImageCropThres
return NULL;
}
+ if (color < 0 || (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im))) {
+ return NULL;
+ }
+
/* TODO: Add gdImageGetRowPtr and works with ptr at the row level
* for the true color and palette images
* new formats will simply work with ptr
|
