xref: /php-src/ext/gd/tests/bug72339.phpt (revision 0aaad46c)
1--TEST--
2Bug #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
3--EXTENSIONS--
4gd
5--SKIPIF--
6<?php
7if (!function_exists("imagecreatefromgd2")) print "skip";
8
9if (!GD_BUNDLED) {
10    if (version_compare(GD_VERSION, '2.2.2', '<')) {
11        die("skip test requires GD 2.2.2 or higher");
12    }
13    if (version_compare(GD_VERSION, '2.3.3', '>=')) {
14        die("skip test requires GD 2.3.2 or older");
15    }
16}
17?>
18--FILE--
19<?php
20$fname = __DIR__ . DIRECTORY_SEPARATOR . "bug72339.gd";
21
22$fh = fopen($fname, "w");
23fwrite($fh, "gd2\x00");
24fwrite($fh, pack("n", 2));
25fwrite($fh, pack("n", 1));
26fwrite($fh, pack("n", 1));
27fwrite($fh, pack("n", 0x40));
28fwrite($fh, pack("n", 2));
29fwrite($fh, pack("n", 0x5AA0)); // Chunks Wide
30fwrite($fh, pack("n", 0x5B00)); // Chunks Vertically
31fwrite($fh, str_repeat("\x41\x41\x41\x41", 0x1000000)); // overflow data
32fclose($fh);
33
34$im = imagecreatefromgd2($fname);
35
36if ($im) {
37    imagedestroy($im);
38}
39unlink($fname);
40
41?>
42--EXPECTF--
43Warning: imagecreatefromgd2(): Product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
44 in %sbug72339.php on line %d
45
46Warning: imagecreatefromgd2(): "%sbug72339.gd" is not a valid GD2 file in %sbug72339.php on line %d
47