xref: /PHP-7.1/ext/gd/tests/bug72339.phpt (revision 7af945e2)
1--TEST--
2Bug #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
3--SKIPIF--
4<?php
5if (!function_exists("imagecreatefromgd2")) print "skip";
6if (!GD_BUNDLED && version_compare(GD_VERSION, '2.2.2', '<')) {
7	die("skip test requires GD 2.2.2 or higher");
8}
9?>
10--FILE--
11<?php
12$fname = dirname(__FILE__) . DIRECTORY_SEPARATOR . "bug72339.gd";
13
14$fh = fopen($fname, "w");
15fwrite($fh, "gd2\x00");
16fwrite($fh, pack("n", 2));
17fwrite($fh, pack("n", 1));
18fwrite($fh, pack("n", 1));
19fwrite($fh, pack("n", 0x40));
20fwrite($fh, pack("n", 2));
21fwrite($fh, pack("n", 0x5AA0)); // Chunks Wide
22fwrite($fh, pack("n", 0x5B00)); // Chunks Vertically
23fwrite($fh, str_repeat("\x41\x41\x41\x41", 0x1000000)); // overflow data
24fclose($fh);
25
26$im = imagecreatefromgd2($fname);
27
28if ($im) {
29	imagedestroy($im);
30}
31unlink($fname);
32
33?>
34--EXPECTF--
35Warning: imagecreatefromgd2(): gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
36 in %sbug72339.php on line %d
37
38Warning: imagecreatefromgd2(): '%sbug72339.gd' is not a valid GD2 file in %sbug72339.php on line %d
39