diff options
| author | Stanislav Malyshev <stas@php.net> | 2014-05-11 18:14:57 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2014-05-11 18:14:57 -0700 |
| commit | 291b45afb5d5716ff0d340bd2bcb34731b806eed (patch) | |
| tree | aba5d28e8c0d7d402f3e34076f9c95a6bb0f03e1 | |
| parent | cdd1c1122e1075cc45925ace7b2cd42559366a63 (diff) | |
| download | php-git-291b45afb5d5716ff0d340bd2bcb34731b806eed.tar.gz | |
Fix bug #67248 (imageaffinematrixget missing check of parameters)
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | ext/gd/gd.c | 8 | ||||
| -rw-r--r-- | ext/gd/tests/bug67248.phpt | 27 |
3 files changed, 36 insertions, 2 deletions
@@ -33,6 +33,9 @@ PHP NEWS . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos) +- GD: + . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas) + - PCRE: . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol) diff --git a/ext/gd/gd.c b/ext/gd/gd.c index 90a053535a..cbc7219e37 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -5268,7 +5268,7 @@ PHP_FUNCTION(imageaffinematrixget) { double affine[6]; long type; - zval *options; + zval *options = NULL; zval **tmp; int res = GD_FALSE, i; @@ -5280,7 +5280,7 @@ PHP_FUNCTION(imageaffinematrixget) case GD_AFFINE_TRANSLATE: case GD_AFFINE_SCALE: { double x, y; - if (Z_TYPE_P(options) != IS_ARRAY) { + if (!options || Z_TYPE_P(options) != IS_ARRAY) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Array expected as options"); RETURN_FALSE; } @@ -5327,6 +5327,10 @@ PHP_FUNCTION(imageaffinematrixget) case GD_AFFINE_SHEAR_VERTICAL: { double angle; + if (!options) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Number is expected as option"); + RETURN_FALSE; + } convert_to_double_ex(&options); angle = Z_DVAL_P(options); diff --git a/ext/gd/tests/bug67248.phpt b/ext/gd/tests/bug67248.phpt new file mode 100644 index 0000000000..9c83966a60 --- /dev/null +++ b/ext/gd/tests/bug67248.phpt @@ -0,0 +1,27 @@ +--TEST-- +Bug #67248 (imageaffinematrixget missing check of parameters) +--SKIPIF-- +<?php + if(!extension_loaded('gd')){ die('skip gd extension not available')} + if(!function_exists('imageaffinematrixget')) die('skip imageaffinematrixget() not available'); +?> +--FILE-- +<?php +for($i=0;$i<7;$i++) { + imageaffinematrixget($i); +} +?> +--EXPECTF-- +Warning: imageaffinematrixget(): Array expected as options in %s on line %d + +Warning: imageaffinematrixget(): Array expected as options in %s on line %d + +Warning: imageaffinematrixget(): Number is expected as option in %s on line %d + +Warning: imageaffinematrixget(): Number is expected as option in %s on line %d + +Warning: imageaffinematrixget(): Number is expected as option in %s on line %d + +Warning: imageaffinematrixget(): Invalid type for element 5 in %s on line %d + +Warning: imageaffinematrixget(): Invalid type for element 6 in %s on line %d |