moriyoshi Wed Jun 4 10:53:31 2003 EDT Modified files: (Branch: PHP_4_3) /php4 NEWS TODO_SEGFAULTS Log: BFN updates Index: php4/NEWS diff -u php4/NEWS:1.1247.2.238 php4/NEWS:1.1247.2.239 --- php4/NEWS:1.1247.2.238 Wed Jun 4 01:54:18 2003 +++ php4/NEWS Wed Jun 4 10:53:30 2003 @@ -15,6 +15,7 @@ - Added DBA handler 'inifile' to support ini files. (Marcus) - Added a "DEBUG" note to 'php -v' output when --enable-debug is used. (Derick) - Added long options into CLI & CGI (e.g. --version). (Marcus) +- Fixed integer overflows in base64_encode(). (Moriyoshi) - Fixed possible integer overflows in bundled GD library. (Ilia) - Fixed "mysql.connect_timeout" php.ini option to be settable with ini_set(). (Rasmus) Index: php4/TODO_SEGFAULTS diff -u php4/TODO_SEGFAULTS:1.1.2.33 php4/TODO_SEGFAULTS:1.1.2.34 --- php4/TODO_SEGFAULTS:1.1.2.33 Tue Jun 3 19:57:58 2003 +++ php4/TODO_SEGFAULTS Wed Jun 4 10:53:31 2003 @@ -23,7 +23,8 @@ flock (Sascha) register_shutdown_function (Sascha) mb_strcut('', [number greater than the length of first arg]) (Moriyoshi) - ext/exif, ext/dba (7) (Marcus) + ext/exif, ext/dba (Marcus) + php_base64_encode (Moriyoshi) Open: @@ -32,8 +33,7 @@ socket_select (3) php_imagepolygon (4) imagesetstyle (5) - php_base64_encode (6) - pack (7) + pack (6) (1) heap corruption, mostly visible in malloc-related calls. Whether you see this or not might depend on your libc/compiler. Hard to track down, @@ -83,11 +83,9 @@ gdImageSetStyle function called by this php wrapper can die for the same reason. -(6) integer overflow if the specified string is longer then ~1.1 billion bytes. +(6) multiple integer overflows, ex. pack("d4294967297", 2); -(7) multiple integer overflows, ex. pack("d4294967297", 2); - -Ammendment 1. +Amendment 1. CFLAGS='-O0 -g' \ '../src/php4/configure' \
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php