From 54973c9366b3aff148d58d7f3eeb136624fdb267 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 5 Oct 2024 06:27:19 +0100 Subject: [PATCH] Fix GH-16232: bitshift overflow on wbmp file content reading. backport from https://github.com/libgd/libgd/commit/a8f1d5cab0cad2bca2ed88a49c3f3de8585ff19b close GH-16239 --- NEWS | 4 ++++ ext/gd/libgd/wbmp.c | 3 ++- ext/gd/tests/gh16232.phpt | 27 +++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 ext/gd/tests/gh16232.phpt diff --git a/NEWS b/NEWS index b005320f61d..c175cd37371 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,10 @@ PHP NEWS . Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c). (nielsdos) +- GD: + . Fixed bug 16232 (bitshift overflow on wbmp file content reading / + fix backport from upstream). (David Carlier) + - LDAP: . Fixed bug GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch()). (Girgias) diff --git a/ext/gd/libgd/wbmp.c b/ext/gd/libgd/wbmp.c index 4c3eeee7df8..dbca0f0178c 100644 --- a/ext/gd/libgd/wbmp.c +++ b/ext/gd/libgd/wbmp.c @@ -37,7 +37,8 @@ int getmbi (int (*getin) (void *in), void *in) { - int i, mbi = 0; + unsigned int mbi = 0; + int i; do { diff --git a/ext/gd/tests/gh16232.phpt b/ext/gd/tests/gh16232.phpt new file mode 100644 index 00000000000..7f839d737bb --- /dev/null +++ b/ext/gd/tests/gh16232.phpt @@ -0,0 +1,27 @@ +--TEST-- +GH-16232 (Overflow on reading wbmp content) +--EXTENSIONS-- +gd +--FILE-- +