iliaa           Thu Apr  3 19:29:37 2003 EDT

  Modified files:              (Branch: PHP_4_3)
    /php4       TODO_SEGFAULTS 
  Log:
  Fixed segv as well as info about new segvs in gd.
  
  
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.22 php4/TODO_SEGFAULTS:1.1.2.23
--- php4/TODO_SEGFAULTS:1.1.2.22        Thu Apr  3 15:07:40 2003
+++ php4/TODO_SEGFAULTS Thu Apr  3 19:29:37 2003
@@ -9,10 +9,11 @@
     exif_imagetype,exif_thumbnail (Rasmus)
     dbase_open (Rasmus)
     array_pad (Rasmus)
-    str_repeat (Ilia)
     setlocale (Rasmus)
     unregister_tick_function (Rasmus)
     bcsub (Rasmus)
+    str_repeat (Ilia)
+    imagecopyresized (Ilia)
     mb_ereg, mb_ereg_match, mb_eregi, mb_split (Moriyoshi)
     xml_parser_create (Moriyoshi)
     ob_start (Sascha)
@@ -26,6 +27,7 @@
     mb_strcut('', 2147483647);  (2)
     chunk_split                 (3)
     socket_select               (4)
+    php_imagepolygon           (5)
        
 (1) heap corruption, mostly visible in malloc-related calls.  Whether you see 
     this or not might depend on your libc/compiler.  Hard to track down,
@@ -74,7 +76,8 @@
 
         echo dbase_open | php do_crash.txt
 
-
+(5) integer overflow inside php_imagepolygon and possible subsequent 
+    integer overflows inside gdlib's gdImageFilledPolygon().
 
 
 Ammendment 1.



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to