[PHP-DEV] [PATCH] Bug #6130: Reproduceable Segfault : imagecolortransparent with 1 argument
From: Flavien Lebarbé (flavien <email protected>)
Date: 08/20/00

Hello,

As Martin reported (bug #6130), if the function imagecolortransparent
(ext/gd) is called with only one argument, php segfaults (using
CVS 2 days ago).

Reproducing script (php compiled with gd support) :

---
<?
$i=imagecreate(5,5);
imagecolortransparent($i);
?>
---

From php/ext/gd/gd.c :

---
PHP_FUNCTION(imagecolortransparent)
{
	zval **IM, **COL = NULL;
	[...]
	switch(ZEND_NUM_ARGS()) {
	case 1:
		if (zend_get_parameters_ex(1, &IM) == FAILURE) {
			[...]
		}
	case 2:
		[...]
	}
	[...]
	if ( (*COL) != NULL) {
		col = (*COL)->value.lval;
		[...]
---

As you can see, if there's only one argument, COL is initialized to NULL
and then we try to access *COL, which produces a SegFault.

The proposed patch (attached) prevents this.

Please feel free to apply ! :)

Flavien Lebarbé.

--- gd.c.orig Sun Aug 20 20:02:56 2000 +++ gd.c Sun Aug 20 19:57:21 2000 @@ -1386,7 +1386,7 @@ ZEND_FETCH_RESOURCE(im, gdImagePtr, IM, -1, "Image", GDG(le_gd)); - if ((*COL) != NULL) { + if ( (COL != NULL) && ((*COL) != NULL)) { col = (*COL)->value.lval; gdImageColorTransparent(im,col); }
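
Review bot: in the changed `if`, the retained `(*COL) != NULL` test looks redundant once `COL != NULL` is checked first, provided the two-argument path only ever sets COL through a successful parameter fetch; that path is not visible in this hunk, so please confirm it and then reduce the condition to `if (COL != NULL) {`. The added spacing in `if ( (COL != NULL) && ((*COL) != NULL))` also does not match the `if ((*COL) != NULL)` style of the line it replaces. A one-line comment noting that COL stays NULL when the function is called with a single argument would make the reason for the guard clear to later readers, since after this change a one-argument call skips `gdImageColorTransparent(im,col)` entirely.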

-- 
PHP Development Mailing List <http://www.php.net/>