iliaa Thu Apr 3 19:29:37 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
Fixed segv as well as info about new segvs in gd.
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.22 php4/TODO_SEGFAULTS:1.1.2.23
--- php4/TODO_SEGFAULTS:1.1.2.22 Thu Apr 3 15:07:40 2003
+++ php4/TODO_SEGFAULTS Thu Apr 3 19:29:37 2003
@@ -9,10 +9,11 @@
exif_imagetype,exif_thumbnail (Rasmus)
dbase_open (Rasmus)
array_pad (Rasmus)
- str_repeat (Ilia)
setlocale (Rasmus)
unregister_tick_function (Rasmus)
bcsub (Rasmus)
+ str_repeat (Ilia)
+ imagecopyresized (Ilia)
mb_ereg, mb_ereg_match, mb_eregi, mb_split (Moriyoshi)
xml_parser_create (Moriyoshi)
ob_start (Sascha)
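Review bot: Removing `str_repeat (Ilia)` after `array_pad` and re-adding it unchanged after `bcsub` is a pure reorder that buries the one substantive change in this hunk, the new `imagecopyresized (Ilia)` entry. Leave `str_repeat` where it was and add only the new line. The log line "Fixed segv" also does not say which function it refers to; naming `imagecopyresized` there would let a reader match the message to this entry.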
@@ -26,6 +27,7 @@
mb_strcut('', 2147483647); (2)
chunk_split (3)
socket_select (4)
+ php_imagepolygon (5)
(1) heap corruption, mostly visible in malloc-related calls. Whether you see
this or not might depend on your libc/compiler. Hard to track down,
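Review bot: The added `php_imagepolygon (5)` entry carries a `php_` prefix that the neighbouring entries (`chunk_split`, `socket_select`) and the `imagecopyresized` entry added in the first hunk do not, so it is unclear which script-level call a tester should use to reach it. If this is an internal helper, list the PHP function(s) that expose it, ideally with the triggering arguments in the style of the `mb_strcut('', 2147483647);` line above.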
@@ -74,7 +76,8 @@
echo dbase_open | php do_crash.txt
-
+(5) integer overflow inside php_imagepolygon and possible subsequent
+ integer overflows inside gdlib's gdImageFilledPolygon().
Ammendment 1.
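Review bot: Footnote (5) does not say which value overflows or how to trigger it, and "possible subsequent integer overflows" leaves open whether the `gdImageFilledPolygon()` case was observed or only suspected. Name the argument or computation involved and add a reproducer in the same form as the `echo dbase_open | php do_crash.txt` line that precedes it. The hunk also drops the blank line before `Ammendment 1.`, so the footnote now runs straight into that heading; keep one empty line between them.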
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php