diff --git a/NEWS b/NEWS index 6481b0208a438..d42a9f409f286 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,7 @@ PHP NEWS . Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb) . Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb) + . Fixed bug #73161 (imagecreatefromgd2() may leak memory). (cmb) - JSON: . Fixed bug #73113 (Segfault with throwing JsonSerializable). (julien) diff --git a/ext/gd/libgd/gd_gd2.c b/ext/gd/libgd/gd_gd2.c index 57d5844510f14..d06f328425e81 100644 --- a/ext/gd/libgd/gd_gd2.c +++ b/ext/gd/libgd/gd_gd2.c @@ -191,21 +191,21 @@ static gdImagePtr _gd2CreateFromFile (gdIOCtxPtr in, int *sx, int *sy, int *cs, } if (im == NULL) { GD2_DBG(php_gd_error("Could not create gdImage")); - goto fail1; + goto fail2; } if (!_gdGetColors(in, im, (*vers) == 2)) { GD2_DBG(php_gd_error("Could not read color palette")); - goto fail2; + goto fail3; } GD2_DBG(php_gd_error("Image palette completed: %d colours", im->colorsTotal)); return im; -fail2: +fail3: gdImageDestroy(im); - return 0; - +fail2: + gdFree(*cidx); fail1: return 0; } diff --git a/ext/gd/tests/bug73161.gd2 b/ext/gd/tests/bug73161.gd2 new file mode 100644 index 0000000000000..f5084e4976994 Binary files /dev/null and b/ext/gd/tests/bug73161.gd2 differ diff --git a/ext/gd/tests/bug73161.phpt b/ext/gd/tests/bug73161.phpt new file mode 100644 index 0000000000000..42ad718606438 --- /dev/null +++ b/ext/gd/tests/bug73161.phpt @@ -0,0 +1,18 @@ +--TEST-- +Bug #73161 (imagecreatefromgd2() may leak memory) +--DESCRIPTION-- +We're testing for a memory leak that might not even show up with valgrind. +--SKIPIF-- + +--FILE-- + +===DONE=== +--EXPECTF-- +Warning: imagecreatefromgd2(): '%s' is not a valid GD2 file in %s on line %d +bool(false) +===DONE===