Port libgd/libgd/pull/711 (phpGH-16016)

cmb69 · web-flow · commit f89eb15f7221 · 2024-09-24T13:58:31.000+02:00
Note that this is not actually security related[1], but still a reasonable sanity check. "If a function be advertised to return an error code in the event of difficulties, thou shalt check for that code, yea, even though the checks triple the size of thy code and produce aches in thy typing fingers, for if thou thinkest it cannot happen to me, the gods shall surely punish thee for thy arrogance." – Henry Spencer [1] <libgd/libgd#697 (comment)>
diff --git a/ext/gd/libgd/gd_tga.c b/ext/gd/libgd/gd_tga.c
@@ -191,7 +191,10 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
 			return -1;
 		}
 
-		gdGetBuf(tga->ident, tga->identsize, ctx);
+		if (gdGetBuf(tga->ident, tga->identsize, ctx) != tga->identsize) {
+			gd_error("fail to read header ident");
+			return -1;
+		}
 	}
 
 	return 1;

Original file line number	Diff line number	Diff line change
`@@ -191,7 +191,10 @@ int read_header_tga(gdIOCtx ctx, oTga tga)`
`191`	`191`	`return -1;`
`192`	`192`	`}`
`193`	`193`
`194`		`- gdGetBuf(tga->ident, tga->identsize, ctx);`
	`194`	`+ if (gdGetBuf(tga->ident, tga->identsize, ctx) != tga->identsize) {`
	`195`	`+ gd_error("fail to read header ident");`
	`196`	`+ return -1;`
	`197`	`+ }`
`195`	`198`	`}`
`196`	`199`
`197`	`200`	`return 1;`