1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
From: Pierre Joye <pierre.php@gmail.com>
Date: Mon, 27 Jun 2016 11:17:39 +0700
Subject: fix php 72494, invalid color index not handled, can lead to crash
---
src/gd_crop.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/gd_crop.c b/src/gd_crop.c
index 0296633..532b49b 100644
--- a/src/gd_crop.c
+++ b/src/gd_crop.c
@@ -136,6 +136,10 @@ BGD_DECLARE(gdImagePtr) gdImageCropThreshold(gdImagePtr im, const unsigned int c
return NULL;
}
+ if (color < 0 || (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im))) {
+ return NULL;
+ }
+
/* TODO: Add gdImageGetRowPtr and works with ptr at the row level
* for the true color and palette images
* new formats will simply work with ptr
|
