mattias Tue Oct 23 01:58:30 2007 UTC
Modified files: (Branch: PHP_5_3)
/php-src/ext/gd/libgd gd_security.c
Log:
-MFB, Be paranoid and don't allow multiplication with zero
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_security.c?r1=1.1.2.2&r2=1.1.2.2.2.1&diff_format=u
Index: php-src/ext/gd/libgd/gd_security.c
diff -u php-src/ext/gd/libgd/gd_security.c:1.1.2.2
php-src/ext/gd/libgd/gd_security.c:1.1.2.2.2.1
--- php-src/ext/gd/libgd/gd_security.c:1.1.2.2 Sat Mar 10 12:18:36 2007
+++ php-src/ext/gd/libgd/gd_security.c Tue Oct 23 01:58:30 2007
@@ -19,12 +19,10 @@
int overflow2(int a, int b)
{
- if(a < 0 || b < 0) {
- php_gd_error("gd warning: one parameter to a memory allocation
multiplication is negative, failing operation gracefully\n");
+ if(a <= 0 || b <= 0) {
+ php_gd_error("gd warning: one parameter to a memory allocation
multiplication is negative or zero, failing operation gracefully\n");
return 1;
}
- if(b == 0)
- return 0;
if(a > INT_MAX / b) {
php_gd_error("gd warning: product of memory allocation
multiplication would exceed INT_MAX, failing operation gracefully\n");
return 1;
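Review bot: overflow2 has no comment stating its contract, and this change tightens it: at the `if(a <= 0 || b <= 0)` guard a zero factor now returns 1 (failure), where `b == 0` used to return 0. I would add above the function `/* Returns 1 if a or b is <= 0 or a * b would exceed INT_MAX; returns 0 only when the product is a safe, non-zero allocation size. */` so callers know that zero-sized requests are rejected and that a non-zero result must abort the allocation. Any caller that legitimately passes a zero dimension, or that ignores the return value, presumably needs auditing; no call sites are visible here. The function's closing lines fall outside the hunk.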