pajoye Fri Jun 8 05:31:02 2007 UTC
Modified files: (Branch: PHP_4_4)
/php-src NEWS
/php-src/ext/gd/libgd gd_gif_in.c
Log:
- MFH:#41630, segfault when an invalid color index is present in the image
data
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.232&r2=1.1247.2.920.2.233&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.232 php-src/NEWS:1.1247.2.920.2.233
--- php-src/NEWS:1.1247.2.920.2.232 Sun Jun 3 16:29:24 2007
+++ php-src/NEWS Fri Jun 8 05:31:01 2007
@@ -6,8 +6,9 @@
Wagner (Ilia)
- Addded "max_input_nesting_level" php.ini option to limit nesting level of
input variables. Fix for MOPB-03-2007. (Stas)
+- Fixed bug #41630 (segfault when an invalid color index is present in
+ the image data). (Reported by Elliot <[EMAIL PROTECTED] dot com>) (Pierre)
- Fixed bug #38798 (OpenSSL init corrected in php5 but not in php4). (Tony)
-
04 May 2007, Version 4.4.7
- Fixed libgd #86 (Fixed possible infinite loop in imagecreatefrompng)
(Reported by Xavier Roche) (Pierre)
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.2.2.2.6.3&r2=1.2.2.2.6.4&diff_format=u
Index: php-src/ext/gd/libgd/gd_gif_in.c
diff -u php-src/ext/gd/libgd/gd_gif_in.c:1.2.2.2.6.3
php-src/ext/gd/libgd/gd_gif_in.c:1.2.2.2.6.4
--- php-src/ext/gd/libgd/gd_gif_in.c:1.2.2.2.6.3 Mon Jul 17 15:19:16 2006
+++ php-src/ext/gd/libgd/gd_gif_in.c Fri Jun 8 05:31:02 2007
@@ -550,6 +550,9 @@
/*} */
while ((v = LWZReadByte(fd,FALSE,c)) >= 0 ) {
+ if (v >= gdMaxColors) {
+ v = 0;
+ }
/* This how we recognize which colors are actually used. */
if (im->open[v]) {
im->open[v] = 0;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
