iliaa Thu Apr 3 19:44:35 2003 EDT Modified files: (Branch: PHP_4_3) /php4 TODO_SEGFAULTS Log: More gd stuff. Index: php4/TODO_SEGFAULTS diff -u php4/TODO_SEGFAULTS:1.1.2.23 php4/TODO_SEGFAULTS:1.1.2.24 --- php4/TODO_SEGFAULTS:1.1.2.23 Thu Apr 3 19:29:37 2003 +++ php4/TODO_SEGFAULTS Thu Apr 3 19:44:34 2003 @@ -28,6 +28,7 @@ chunk_split (3) socket_select (4) php_imagepolygon (5) + imagesetstyle (6) (1) heap corruption, mostly visible in malloc-related calls. Whether you see this or not might depend on your libc/compiler. Hard to track down, @@ -79,6 +80,10 @@ (5) integer overflow inside php_imagepolygon and possible subsequent integer overflows inside gdlib's gdImageFilledPolygon(). +(6) integer overflow if the number of elements in the array passed as + second argument * sizeof(int) result in an overflow. + gdImageSetStyle function called by this php wrapper can die for the + same reason. Ammendment 1.
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php