[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/gd/gd.c trunk/ext/gd/gd.c

Wed, 08 Dec 2010 00:46:41 -0800 

pajoye                                   Wed, 08 Dec 2010 08:45:56 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=306075

Log:
- Fix #53492, fix crash if aa steps are invalid

Bug: http://bugs.php.net/53492 (Assigned) Stack buffer overflow in imagepstext
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/gd/gd.c
    U   php/php-src/trunk/ext/gd/gd.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2010-12-08 08:20:44 UTC (rev 306074)
+++ php/php-src/branches/PHP_5_3/NEWS   2010-12-08 08:45:56 UTC (rev 306075)
@@ -207,7 +207,10 @@
     and trailing :: in the filter extension). (Gustavo)
   . Fixed bug #50117 (problems in the validation of IPv6 addresses with IPv4
     addresses and ::). (Gustavo)
-
+
+- GD extension:
+  . Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)
+
 - GMP extension:
   . Fixed bug #52906 (gmp_mod returns negative result when non-negative is
     expected). (Stas)

Modified: php/php-src/branches/PHP_5_3/ext/gd/gd.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/gd/gd.c    2010-12-08 08:20:44 UTC (rev 
306074)
+++ php/php-src/branches/PHP_5_3/ext/gd/gd.c    2010-12-08 08:45:56 UTC (rev 
306075)
@@ -4228,6 +4228,11 @@
                return;
        }

+       if (aa_steps != 4 || aa_steps != 16) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must be 4 
or 16");
+               RETURN_FALSE;
+       }
+
        ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd);
        ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", le_ps_font);


Modified: php/php-src/trunk/ext/gd/gd.c
===================================================================
--- php/php-src/trunk/ext/gd/gd.c       2010-12-08 08:20:44 UTC (rev 306074)
+++ php/php-src/trunk/ext/gd/gd.c       2010-12-08 08:45:56 UTC (rev 306075)
@@ -4290,6 +4290,11 @@
                return;
        }

+       if (aa_steps != 4 || aa_steps != 16) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must be 4 
or 16");
+               RETURN_FALSE;
+       }
+
        ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd);
        ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", le_ps_font);



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to