mahara-contributors team mailing list archive

Thread
Date

[Bug 784978] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <784978@xxxxxxxxxxxxxxxxxx>
Date: Fri, 25 Nov 2011 02:13:09 -0000
Reply-to: Bug 784978 <784978@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/882
Committed: http://gitorious.org/mahara/mahara/commit/a7d5e2fd64a0c7dd47f1e6470652d83de85acac9
Submitter: Richard Mansfield (richardm@xxxxxxxxxx)
Branch:    master

commit a7d5e2fd64a0c7dd47f1e6470652d83de85acac9
Author: Richard Mansfield <richard.mansfield@xxxxxxxxxxxxxxx>
Date:   Thu Nov 24 18:39:59 2011 +1300

    Check mimetype when bits per pixel not returned by gd (bug #784978)
    
    Sometimes when creating a thumbnail image, getimagesize doesn't return
    a value for bits per pixel on certain gifs.  This creates warnings in
    the logs when approximating the required memory consumption, and also
    refuses to create the thumbnail.  We can check the mimetype of the
    image when 'bits' is not set, and when it's a gif, just assume the
    maximum value (8 bpp).
    
    Change-Id: Ie4a7161f8e17fa17291448084a57fa13873e0e4a
    Signed-off-by: Richard Mansfield <richard.mansfield@xxxxxxxxxxxxxxx>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/784978

Title:
  Potential DoS attack by running large images through GD

Status in Mahara ePortfolio:
  Fix Released
Status in Mahara 1.4 series:
  Fix Released

Bug description:
  When resizing images to create icons, etc., gd's imagecreatefrompng,
  etc., functions are called without checking the image size.  This can
  gobble lots of memory when the images are large, because gd can
  allocate memory without respecting the php memory limit.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/784978/+subscriptions