iliaa                                    Wed, 08 Dec 2010 22:30:12 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=306097

Log:
Fixed bug #53492 (fix crash if anti-aliasing steps are invalid).

Bug: http://bugs.php.net/53492 (Closed) Stack buffer overflow in imagepstext
      
Changed paths:
    U   php/php-src/branches/PHP_5_2/NEWS
    U   php/php-src/branches/PHP_5_2/ext/gd/gd.c

Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS   2010-12-08 22:07:40 UTC (rev 306096)
+++ php/php-src/branches/PHP_5_2/NEWS   2010-12-08 22:30:12 UTC (rev 306097)
@@ -1,21 +1,18 @@
 ´╗┐PHP                                                                        
NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2010, PHP 5.2.15
-
-02 Dec 2010, PHP 5.2.15RC2
+09 Dec 2010, PHP 5.2.15
 - Fixed extract() to do not overwrite $GLOBALS and $this when using
-  EXTR_OVERWRITE. (jorto at redhat dot com)
-
-18 Nov 2010, PHP 5.2.15RC1
+  EXTR_OVERWRITE. (jorto at redhat dot com)
 - Fixed crash in zip extract method (possible CWE-170).
   (Maksymilian Arciemowicz, Pierre)
 - Fixed a possible double free in imap extension (Identified by Mateusz
   Kocielski). (CVE-2010-4150). (Ilia)
 - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
 - Fixed possible crash in mssql_fetch_batch(). (Kalle)
-
 - Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
   (CVE-2010-3709). (Maksymilian Arciemowicz)
+
+- Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)
 - Fixed bug #53323 (pdo_firebird getAttribute() crash).
   (preeves at ibphoenix dot com)
 - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with

Modified: php/php-src/branches/PHP_5_2/ext/gd/gd.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/gd/gd.c    2010-12-08 22:07:40 UTC (rev 
306096)
+++ php/php-src/branches/PHP_5_2/ext/gd/gd.c    2010-12-08 22:30:12 UTC (rev 
306097)
@@ -4593,6 +4593,11 @@
                return;
        }

+       if (aa_steps != 4 || aa_steps != 16) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must be 4 
or 16");
+               RETURN_FALSE;
+       }
+
        ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd);
        ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", le_ps_font);


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to