mattias         Tue Oct 23 01:58:09 2007 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src/ext/gd/libgd       gd_security.c 
  Log:
  - Be paranoid and don't allow multiplication by zero
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_security.c?r1=1.1.2.2&r2=1.1.2.3&diff_format=u
Index: php-src/ext/gd/libgd/gd_security.c
diff -u php-src/ext/gd/libgd/gd_security.c:1.1.2.2 
php-src/ext/gd/libgd/gd_security.c:1.1.2.3
--- php-src/ext/gd/libgd/gd_security.c:1.1.2.2  Sat Mar 10 12:18:36 2007
+++ php-src/ext/gd/libgd/gd_security.c  Tue Oct 23 01:58:08 2007
@@ -19,12 +19,10 @@
 
 int overflow2(int a, int b)
 {
-       if(a < 0 || b < 0) {
-               php_gd_error("gd warning: one parameter to a memory allocation 
multiplication is negative, failing operation gracefully\n");
+       if(a <= 0 || b <= 0) {
+               php_gd_error("gd warning: one parameter to a memory allocation 
multiplication is negative or zero, failing operation gracefully\n");
                return 1;
        }
-       if(b == 0)
-               return 0;
        if(a > INT_MAX / b) {
                php_gd_error("gd warning: product of memory allocation 
multiplication would exceed INT_MAX, failing operation gracefully\n");
                return 1;
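Review bot: The return value of `overflow2` now means "reject this allocation" rather than "the product overflows", and nothing in the hunk documents that. With `if(a <= 0 || b <= 0)`, a zero operand is reported as a failure, whereas the removed `if(b == 0) return 0;` path accepted it. A header comment would make the contract explicit for callers, e.g. `/* Returns 1 if a * b is unsafe as an allocation size (an operand is <= 0 or the product would exceed INT_MAX), 0 otherwise. */`. The guard only bounds `a * b` itself to `INT_MAX`, so any caller that multiplies the result again by an element size would presumably need its own check; no callers are visible here. The body of `overflow2` continues past the end of the hunk.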
