From 1ccfe21e14c4d18336f9da8515cd17db88c3de61 Mon Sep 17 00:00:00 2001
From: Pierre Joye <pierre.php@gmail.com>
Date: Mon, 27 Jun 2016 11:17:39 +0700
Subject: [PATCH] fix php 72494, invalid color index not handled, can lead to crash
---
 src/gd_crop.c | 4 ++++
 tests/CMakeLists.txt | 1 +
 tests/Makefile.am | 1 +
 tests/gdimagecrop/php_bug_72494.c | 22 ++++++++++++++++++++++
 tests/gdimagecrop/CMakeLists.txt | 5 +++++
 tests/gdimagecrop/Makemodule.am | 5 +++++
 6 files changed, 38 insertions(+)
 create mode 100644 tests/gdimagecrop/php_bug_72494.c
 create mode 100644 tests/gdimagecrop/CMakeLists.txt
 create mode 100644 tests/gdimagecrop/Makemodule.am
diff --git a/src/gd_crop.c b/src/gd_crop.c
index 0296633..532b49b 100644
--- a/src/gd_crop.c
+++ b/src/gd_crop.c
@@ -136,6 +136,10 @@ BGD_DECLARE(gdImagePtr) gdImageCropThreshold(gdImagePtr im, const unsigned int c
 return NULL;
 }
+ if (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im)) {
+ return NULL;
+ }
+
 /* TODO: Add gdImageGetRowPtr and works with ptr at the row level
 * for the true color and palette images
 * new formats will simply work with ptr
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 6f5c786..5093d52 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -31,6 +31,7 @@ if (BUILD_TEST)
 gdimagecolortransparent
 gdimagecopy
 gdimagecopyrotated
+ gdimagecrop
 gdimagefile
 gdimagefill
 gdimagefilledellipse
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 4f6e756..5a0ebe8 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -25,6 +25,7 @@ include gdimagecolorresolve/Makemodule.am
 include gdimagecolortransparent/Makemodule.am
 include gdimagecopy/Makemodule.am
 include gdimagecopyrotated/Makemodule.am
+include gdimagecrop/Makemodule.am
 include gdimagefile/Makemodule.am
 include gdimagefill/Makemodule.am
 include gdimagefilledellipse/Makemodule.am
diff --git a/tests/gdimagecrop/php_bug_72494.c b/tests/gdimagecrop/php_bug_72494.c
new file mode 100644
index 0000000..adaa379
--- /dev/null
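Review bot: The guard added to gdImageCropThreshold in src/gd_crop.c compares the `const unsigned int` parameter shown in the truncated hunk header (presumably `color`) with `gdImageColorsTotal(im)`, and it neither says why nor makes the conversion explicit. Per the commit subject this bound is what stops an invalid palette index from reaching the rest of the function, so I would add a one-line comment above it, `/* palette images: color is a palette index and must be below colorsTotal */`, and write the comparison as `color >= (unsigned int)gdImageColorsTotal(im)` if, as it appears, the macro yields a signed count. Returning NULL for an out-of-range index is also a new caller-visible outcome that the function's documentation should mention. The function body starts and ends outside this hunk, so how `color` is used further down is inferred from the commit message rather than seen here.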
+++ b/tests/gdimagecrop/php_bug_72494.c
@@ -0,0 +1,22 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include "gd.h"
+
+#include "gdtest.h"
+
+int main()
+{
+ gdImagePtr im;
+
+ im = gdImageCreate(50, 50);
+
+ if (!im) {
+ gdTestErrorMsg("gdImageCreate failed.\n");
+ return 1;
+ }
+
+ gdImageCropThreshold(im, 1337, 0);
+ gdImageDestroy(im);
+ /* this bug tests a crash, it never reaches this point if the bug exists*/
+ return 0;
+}
diff --git a/tests/gdimagecrop/CMakeLists.txt b/tests/gdimagecrop/CMakeLists.txt
new file mode 100644
index 0000000..f7e4c7e
--- /dev/null
+++ b/tests/gdimagecrop/CMakeLists.txt
@@ -0,0 +1,5 @@
+SET(TESTS_FILES
+ php_bug_72494
+)
+
+ADD_GD_TESTS()
diff --git a/tests/gdimagecrop/Makemodule.am b/tests/gdimagecrop/Makemodule.am
new file mode 100644
index 0000000..210888b
--- /dev/null
+++ b/tests/gdimagecrop/Makemodule.am
@@ -0,0 +1,5 @@
+libgd_test_programs += \
+ gdimagecrop/php_bug_72494
+
+EXTRA_DIST += \
+ gdimagecrop/CMakeLists.txt
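Review bot: In tests/gdimagecrop/php_bug_72494.c the result of `gdImageCropThreshold(im, 1337, 0)` is discarded, so the test can only fail if the unfixed code happens to crash. An out-of-range read is not guaranteed to fault, in which case this program exits 0 with or without the fix. The behaviour the patch introduces is a NULL return for a palette image and an index beyond its palette, and that is what the test should pin. I would keep the result, e.g. `crop = gdImageCropThreshold(im, 1337, 0);`, and fail when `crop != NULL` (destroying it in that branch so nothing leaks), reporting through `gdTestErrorMsg` as the allocation check above it does.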