Fix GH-17772: imagepalettetotruecolor segfault on invalid truecolor p… #17777
Conversation
|
Ugh, that's ugly, since it only affects bundled libgd which uses ZendMM; there appear to be no issues with external libgd (which doesn't heed memory_limit anyway). So it's not likely that we can have a fix being applied upstream, but further down the road some sync might get rid of our fix (should probably add a comment, that Possibly even worse, if upstream ever implements custom allocators (libgd/libgd#335), The general problem I'm seeing here is that libgd never came around to actually implement a contiguous buffer for the pixels (although that is planned for many, many years), so you would have a single allocation upfront, instead of allocating an individual buffer for each row. |
| imagepalettetotruecolor($im); | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: Allowed memory size of %d bytes exhausted%s(tried to allocate %d bytes) in %s on line %d |
There was a problem hiding this comment.
Since that will only happen with bundled libgd, the test should be skipped if !GD_BUNDLED.
| @@ -3108,7 +3108,7 @@ int gdImagePaletteToTrueColor(gdImagePtr src) | |||
| const unsigned int sy = gdImageSY(src); | |||
| const unsigned int sx = gdImageSX(src); | |||
|
|
|||
| src->tpixels = (int **) gdMalloc(sizeof(int *) * sy); | |||
| src->tpixels = (int **) gdCalloc(sizeof(int *), sy); | |||
There was a problem hiding this comment.
Please add a comment that this is an intended change, so it won't be inadvertently dropped when syncing with upstream.
ext/gd/tests/gh17772.phpt
Outdated
| YuanchengJiang | ||
| --SKIPIF-- | ||
| <?php | ||
| if (!GD_BUNDLED) die("skip requires bundled GD library\n"); |
There was a problem hiding this comment.
I think that trailing \n is superfluous at best.
| if (!GD_BUNDLED) die("skip requires bundled GD library\n"); | |
| if (!GD_BUNDLED) die("skip requires bundled GD library"); |
…ixel.