Overview

File php-CVE-2016-6128.patch of Package php7.7220

https://github.com/libgd/libgd/compare/3fe0a71...6ff72ae.patch
--- php-5.6.1/ext/gd/libgd/gd_crop.c
+++ php-5.6.1/ext/gd/libgd/gd_crop.c
@@ -136,6 +136,10 @@ BGD_DECLARE(gdImagePtr) gdImageCropThreshold(gdImagePtr im, const unsigned int c
 		return NULL;
 	}
 
+	if (color < 0 || (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im))) {
+		return NULL;
+	}
+
 	/* TODO: Add gdImageGetRowPtr and works with ptr at the row level
 	 * for the true color and palette images
 	 * new formats will simply work with ptr
openSUSE Build Service is sponsored by
Places