oh right, should be fixed there too. I will merge the fix once I'm
back home. Thanks for the head up

On Wed, Dec 8, 2010 at 1:26 PM, Ilia Alshanetsky <i...@prohost.org> wrote:
> What about 5.2?
>
> On Wed, Dec 8, 2010 at 3:45 AM, Pierre Joye <paj...@php.net> wrote:
>> pajoye                                   Wed, 08 Dec 2010 08:45:56 +0000
>>
>> Revision: http://svn.php.net/viewvc?view=revision&revision=306075
>>
>> Log:
>> - Fix #53492, fix crash if aa steps are invalid
>>
>> Bug: http://bugs.php.net/53492 (Assigned) Stack buffer overflow in 
>> imagepstext
>>
>> Changed paths:
>>    U   php/php-src/branches/PHP_5_3/NEWS
>>    U   php/php-src/branches/PHP_5_3/ext/gd/gd.c
>>    U   php/php-src/trunk/ext/gd/gd.c
>>
>> Modified: php/php-src/branches/PHP_5_3/NEWS
>> ===================================================================
>> --- php/php-src/branches/PHP_5_3/NEWS   2010-12-08 08:20:44 UTC (rev 306074)
>> +++ php/php-src/branches/PHP_5_3/NEWS   2010-12-08 08:45:56 UTC (rev 306075)
>> @@ -207,7 +207,10 @@
>>     and trailing :: in the filter extension). (Gustavo)
>>   . Fixed bug #50117 (problems in the validation of IPv6 addresses with IPv4
>>     addresses and ::). (Gustavo)
>> -
>> +
>> +- GD extension:
>> +  . Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). 
>> (Pierre)
>> +
>>  - GMP extension:
>>   . Fixed bug #52906 (gmp_mod returns negative result when non-negative is
>>     expected). (Stas)
>>
>> Modified: php/php-src/branches/PHP_5_3/ext/gd/gd.c
>> ===================================================================
>> --- php/php-src/branches/PHP_5_3/ext/gd/gd.c    2010-12-08 08:20:44 UTC (rev 
>> 306074)
>> +++ php/php-src/branches/PHP_5_3/ext/gd/gd.c    2010-12-08 08:45:56 UTC (rev 
>> 306075)
>> @@ -4228,6 +4228,11 @@
>>                return;
>>        }
>>
>> +       if (aa_steps != 4 || aa_steps != 16) {
>> +               php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must 
>> be 4 or 16");
>> +               RETURN_FALSE;
>> +       }
>> +
>>        ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd);
>>        ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", 
>> le_ps_font);
>>
>>
>> Modified: php/php-src/trunk/ext/gd/gd.c
>> ===================================================================
>> --- php/php-src/trunk/ext/gd/gd.c       2010-12-08 08:20:44 UTC (rev 306074)
>> +++ php/php-src/trunk/ext/gd/gd.c       2010-12-08 08:45:56 UTC (rev 306075)
>> @@ -4290,6 +4290,11 @@
>>                return;
>>        }
>>
>> +       if (aa_steps != 4 || aa_steps != 16) {
>> +               php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must 
>> be 4 or 16");
>> +               RETURN_FALSE;
>> +       }
>> +
>>        ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd);
>>        ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", 
>> le_ps_font);
>>
>>
>>
>> --
>> PHP CVS Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> --
> PHP CVS Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>



-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to