History log of /PHP_TRUNK/ext/gd/libgd/gd_crop.c
Revision Date Author Comments
891ff13 28-Jun-2015 Christoph M. Becker <cmb@php.net> Fix #67447: imagecrop() adds a black line when cropping

A simple one-off error: imagecrop() copied only width-1 and height-1 pixels.
af09d8b 05-Mar-2014 Remi Collet <remi@php.net> Fixed Bug #66815 imagecrop(): insufficient fix for NULL deref CVE-2013-7327

This amends commit 8f4a537, which aimed to correct NULL dereference because of
missing check of gdImageCreateTrueColor() / gdImageCreate() return value. That
commit checks for negative crop rectangle width and height, but
gdImageCreate*() can also return NULL when width * height overflows. Hence
NULL deref is still possible, as gdImageSaveAlpha() and gdImagePaletteCopy()
are called before dst == NULL check.

This moves NULL check to happen right after gdImageCreate*(). It also removes
width and height check before gdImageCreate*(), as the same check is done by
image create functions (with an extra warning).

From thoger redhat com
464c219 28-Dec-2013 Remi Collet <remi@php.net> minor fix on previous
8f4a537 28-Dec-2013 Remi Collet <remi@php.net> Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop())

Initial fix was PHP stuff
This one is libgd fix.

- filter invalid crop size
- don't try to copy on invalid position
- fix crop size when out of src image
- fix possible NULL deref
- fix possible integer overflow
72085b0 13-Jul-2013 Veres Lajos <vlajos@gmail.com> typo fixes
0a55c4b 03-Mar-2013 Pierre Joye <pierre.php@gmail.com> - (s)rgb distance works way better for now, re-enable threshold
22aeb97 28-Feb-2013 Pierre Joye <pierre.php@gmail.com> - add todo for threshold
0c32a18 28-Feb-2013 Pierre Joye <pierre.php@gmail.com> - clean and enable threshold
a991360 28-Feb-2013 Pierre Joye <pierre.php@gmail.com> - add image crop support