Here's another small little patch to fix imagepsextendfont() that sanity checks the $extend parameter to make sure it's greater than zero. Although less than zero "works" (i.e. it doesn't crash anything) it really shouldn't be allowed.
John -~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~- John Coggeshall john at coggeshall dot org http://www.coggeshall.org/ -~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~--~=~- Index: gd.c =================================================================== RCS file: /repository/php4/ext/gd/gd.c,v retrieving revision 1.261 diff -u -r1.261 gd.c --- gd.c 31 Mar 2003 08:49:19 -0000 1.261 +++ gd.c 3 Apr 2003 05:54:56 -0000 @@ -3339,6 +3325,11 @@ ZEND_FETCH_RESOURCE(f_ind, int *, fnt, -1, "Type 1 font", le_ps_font); T1_DeleteAllSizes(*f_ind); + if(Z_DVAL_PP(ext) <= 0) { + + php_error_docref(NULL TSRMLS_CC, E_ERROR, "Second parameter %f out of range (must be > 0)", Z_DVAL_PP(ext)); + RETURN_FALSE; + } -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
