moriyoshi Wed Jun 4 10:53:31 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 NEWS TODO_SEGFAULTS
Log:
BFN updates
Index: php4/NEWS
diff -u php4/NEWS:1.1247.2.238 php4/NEWS:1.1247.2.239
--- php4/NEWS:1.1247.2.238 Wed Jun 4 01:54:18 2003
+++ php4/NEWS Wed Jun 4 10:53:30 2003
@@ -15,6 +15,7 @@
- Added DBA handler 'inifile' to support ini files. (Marcus)
- Added a "DEBUG" note to 'php -v' output when --enable-debug is used. (Derick)
- Added long options into CLI & CGI (e.g. --version). (Marcus)
+- Fixed integer overflows in base64_encode(). (Moriyoshi)
- Fixed possible integer overflows in bundled GD library. (Ilia)
- Fixed "mysql.connect_timeout" php.ini option to be settable with ini_set().
(Rasmus)
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.33 php4/TODO_SEGFAULTS:1.1.2.34
--- php4/TODO_SEGFAULTS:1.1.2.33 Tue Jun 3 19:57:58 2003
+++ php4/TODO_SEGFAULTS Wed Jun 4 10:53:31 2003
@@ -23,7 +23,8 @@
flock (Sascha)
register_shutdown_function (Sascha)
mb_strcut('', [number greater than the length of first arg]) (Moriyoshi)
- ext/exif, ext/dba (7) (Marcus)
+ ext/exif, ext/dba (Marcus)
+ php_base64_encode (Moriyoshi)
Open:
@@ -32,8 +33,7 @@
socket_select (3)
php_imagepolygon (4)
imagesetstyle (5)
- php_base64_encode (6)
- pack (7)
+ pack (6)
(1) heap corruption, mostly visible in malloc-related calls. Whether you see
this or not might depend on your libc/compiler. Hard to track down,
@@ -83,11 +83,9 @@
gdImageSetStyle function called by this php wrapper can die for the
same reason.
-(6) integer overflow if the specified string is longer then ~1.1 billion bytes.
+(6) multiple integer overflows, ex. pack("d4294967297", 2);
-(7) multiple integer overflows, ex. pack("d4294967297", 2);
-
-Ammendment 1.
+Amendment 1.
CFLAGS='-O0 -g' \
'../src/php4/configure' \
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
