pajoye Wed, 08 Dec 2010 08:45:56 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=306075
Log: - Fix #53492, fix crash if aa steps are invalid Bug: http://bugs.php.net/53492 (Assigned) Stack buffer overflow in imagepstext Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/gd/gd.c U php/php-src/trunk/ext/gd/gd.c
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2010-12-08 08:20:44 UTC (rev 306074)
+++ php/php-src/branches/PHP_5_3/NEWS 2010-12-08 08:45:56 UTC (rev 306075)
@@ -207,7 +207,10 @@ and trailing :: in the filter extension). (Gustavo) . Fixed bug #50117 (problems in the validation of IPv6 addresses with IPv4 addresses and ::). (Gustavo) - + +- GD extension: + . Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre) + - GMP extension: . Fixed bug #52906 (gmp_mod returns negative result when non-negative is expected). (Stas)
Modified: php/php-src/branches/PHP_5_3/ext/gd/gd.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/gd/gd.c 2010-12-08 08:20:44 UTC (rev 306074)
+++ php/php-src/branches/PHP_5_3/ext/gd/gd.c 2010-12-08 08:45:56 UTC (rev 306075)
@@ -4228,6 +4228,11 @@
 return;
 }
+ if (aa_steps != 4 || aa_steps != 16) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must be 4 or 16");
+ RETURN_FALSE;
+ }
+
 ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd);
 ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", le_ps_font);
Modified: php/php-src/trunk/ext/gd/gd.c
===================================================================
--- php/php-src/trunk/ext/gd/gd.c 2010-12-08 08:20:44 UTC (rev 306074)
+++ php/php-src/trunk/ext/gd/gd.c 2010-12-08 08:45:56 UTC (rev 306075)
@@ -4290,6 +4290,11 @@
 return;
 }
+ if (aa_steps != 4 || aa_steps != 16) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must be 4 or 16");
+ RETURN_FALSE;
+ }
+
 ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd);
 ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", le_ps_font);
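Review bot: The added guard `if (aa_steps != 4 || aa_steps != 16)` is true for every value of `aa_steps`, including the two valid ones, so the function now warns and returns FALSE on every call before it reaches the `ZEND_FETCH_RESOURCE` lines; the identical line is in the PHP_5_3 branch hunk of ext/gd/gd.c. The two tests need to be joined with `&&`: `if (aa_steps != 4 && aa_steps != 16) {`. As committed, the stack overflow from bug #53492 is avoided only because nothing after the guard can run, so a regression test that calls the function with 4 and with 16 steps and expects success, plus one invalid value expecting the warning, would pin the intended behaviour. The enclosing function (presumably imagepstext, going by the bug title) starts and ends outside the hunk.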