1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
--TEST--
Bug #81739 (OOB read due to insufficient validation in imageloadfont())
--EXTENSIONS--
gd
--FILE--
<?php
$s = fopen(__DIR__ . "/font.font", "w");
// header without character data
fwrite($s, "\x01\x00\x00\x00\x20\x00\x00\x00\x08\x00\x00\x00\x08\x00\x00\x00");
fclose($s);
var_dump(imageloadfont(__DIR__ . "/font.font"));
?>
--CLEAN--
<?php
@unlink(__DIR__ . "/font.font");
?>
--EXPECTF--
Warning: imageloadfont(): %croduct of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
in %s on line %d
Warning: imageloadfont(): Error reading font, invalid font header in %s on line %d
bool(false)
|
