This patch is adapted from commit a11f47475e6443b7f32d21f2271f28f417e2ac04 and fixes CVE-2018-5711. From a11f47475e6443b7f32d21f2271f28f417e2ac04 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Wed, 29 Nov 2017 19:37:38 +0100 Subject: [PATCH] Fix #420: Potential infinite loop in gdImageCreateFromGifCtx Due to a signedness confusion in `GetCode_` a corrupt GIF file can trigger an infinite loop. Furthermore we make sure that a GIF without any palette entries is treated as invalid *after* open palette entries have been removed. CVE-2018-5711 See also https://bugs.php.net/bug.php?id=75571. --- src/gd_gif_in.c | 12 ++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c index daf26e7..0a8bd71 100644 --- a/src/gd_gif_in.c +++ b/src/gd_gif_in.c @@ -335,11 +335,6 @@ terminated: return 0; } - if(!im->colorsTotal) { - gdImageDestroy(im); - return 0; - } - /* Check for o
aboutsummaryrefslogtreecommit