What about 5.2?

On Wed, Dec 8, 2010 at 3:45 AM, Pierre Joye <paj...@php.net> wrote:
> pajoye                                   Wed, 08 Dec 2010 08:45:56 +0000
>
> Revision: http://svn.php.net/viewvc?view=revision&revision=306075
>
> Log:
> - Fix #53492, fix crash if aa steps are invalid
>
> Bug: http://bugs.php.net/53492 (Assigned) Stack buffer overflow in imagepstext
>
> Changed paths:
>    U   php/php-src/branches/PHP_5_3/NEWS
>    U   php/php-src/branches/PHP_5_3/ext/gd/gd.c
>    U   php/php-src/trunk/ext/gd/gd.c
>
> Modified: php/php-src/branches/PHP_5_3/NEWS
> ===================================================================
> --- php/php-src/branches/PHP_5_3/NEWS   2010-12-08 08:20:44 UTC (rev 306074)
> +++ php/php-src/branches/PHP_5_3/NEWS   2010-12-08 08:45:56 UTC (rev 306075)
> @@ -207,7 +207,10 @@
>     and trailing :: in the filter extension). (Gustavo)
>   . Fixed bug #50117 (problems in the validation of IPv6 addresses with IPv4
>     addresses and ::). (Gustavo)
> -
> +
> +- GD extension:
> +  . Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)
> +
>  - GMP extension:
>   . Fixed bug #52906 (gmp_mod returns negative result when non-negative is
>     expected). (Stas)
>
> Modified: php/php-src/branches/PHP_5_3/ext/gd/gd.c
> ===================================================================
> --- php/php-src/branches/PHP_5_3/ext/gd/gd.c    2010-12-08 08:20:44 UTC (rev 
> 306074)
> +++ php/php-src/branches/PHP_5_3/ext/gd/gd.c    2010-12-08 08:45:56 UTC (rev 
> 306075)
> @@ -4228,6 +4228,11 @@
>                return;
>        }
>
> +       if (aa_steps != 4 || aa_steps != 16) {
> +               php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must be 
> 4 or 16");
> +               RETURN_FALSE;
> +       }
> +
>        ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd);
>        ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", le_ps_font);
>
>
> Modified: php/php-src/trunk/ext/gd/gd.c
> ===================================================================
> --- php/php-src/trunk/ext/gd/gd.c       2010-12-08 08:20:44 UTC (rev 306074)
> +++ php/php-src/trunk/ext/gd/gd.c       2010-12-08 08:45:56 UTC (rev 306075)
> @@ -4290,6 +4290,11 @@
>                return;
>        }
>
> +       if (aa_steps != 4 || aa_steps != 16) {
> +               php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must be 
> 4 or 16");
> +               RETURN_FALSE;
> +       }
> +
>        ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd);
>        ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", le_ps_font);
>
>
>
> --
> PHP CVS Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to