From 0c570e2ca5498d15e93f539eee7bcf49dff8a8f4 Mon Sep 17 00:00:00 2001
From: 8chan
Date: Sat, 11 Oct 2014 15:41:16 -0700
Subject: [PATCH] SECURITY: imagemagick/graphicsmagick was ignoring all errors

So, in a much older patch I had a problem where an incorrect RGB profile would make image uploads fail. I fixed this by using strpos against the error message...but didn't check the return value correctly. That means that any error from gm/im was ignored. This caused people to upload too large images and flood /b/ with 1 x 10000 pixel images My fault, patched now. Sorry about that.
---
 inc/image.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/inc/image.php b/inc/image.php
index ab2dfee8..3a678cdf 100644
--- a/inc/image.php
+++ b/inc/image.php
@@ -330,6 +330,7 @@ class ImageConvert extends ImageBase {
 $convert_args = str_replace('-auto-orient', '', $config['convert_args']);
 else
 $convert_args = &$config['convert_args'];
+
 if (($error = shell_exec_error(($this->gm ? 'gm ' : '') . 'convert ' .
 sprintf($convert_args,
 $this->width,
@@ -361,9 +362,9 @@ class ImageConvert extends ImageBase {
 $this->width,
 $this->height,
 escapeshellarg($this->temp)))) || !file_exists($this->temp)) {
- if (strpos($error, "known incorrect sRGB profile") === "false") {
+ if (strpos($error, "known incorrect sRGB profile") === false) {
 $this->destroy();
- error('Failed to resize image!', null, $error);
+ error('Failed to resize image!', null, array('convert_error' => $error));
 }
 if (!file_exists($this->temp)) {
 $this->destroy();
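Review bot: The corrected `strpos($error, "known incorrect sRGB profile") === false` test in the second hunk still discards the whole of `$error` whenever that warning appears anywhere in it, so a genuine convert failure reported alongside the warning is ignored and only the later `file_exists($this->temp)` check remains as a guard. Because the commit message ties ignored errors to oversized uploads, the condition should fail on any output line that is not the known warning, for example `$other = preg_grep('/known incorrect sRGB profile|^\s*$/', preg_split('/\R/', (string) $error), PREG_GREP_INVERT);` followed by `if ($other) {`. The third argument to `error()` now carries raw convert output; if that is ever rendered to the uploader it would presumably expose server-side temp paths, so it is worth confirming it is shown only in debug mode. The enclosing `if` and the `!file_exists` branch both continue outside the hunk, so how a missing output file with empty `$error` is reported there could not be checked from here.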