mattias Tue Oct 23 01:58:30 2007 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/gd/libgd gd_security.c Log: -MFB, Be paranoid and dont allow multiplication with zero http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_security.c?r1=1.1.2.2&r2=1.1.2.2.2.1&diff_format=u
Index: php-src/ext/gd/libgd/gd_security.c
diff -u php-src/ext/gd/libgd/gd_security.c:1.1.2.2 php-src/ext/gd/libgd/gd_security.c:1.1.2.2.2.1
--- php-src/ext/gd/libgd/gd_security.c:1.1.2.2 Sat Mar 10 12:18:36 2007
+++ php-src/ext/gd/libgd/gd_security.c Tue Oct 23 01:58:30 2007
@@ -19,12 +19,10 @@
 int overflow2(int a, int b)
 {
- if(a < 0 || b < 0) {
- php_gd_error("gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n");
+ if(a <= 0 || b <= 0) {
+ php_gd_error("gd warning: one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully\n");
 return 1;
 }
- if(b == 0)
- return 0;
 if(a > INT_MAX / b) {
 php_gd_error("gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n");
 return 1;
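Review bot: With the `b == 0` early return removed, the only thing keeping `INT_MAX / b` from dividing by zero is the new `a <= 0 || b <= 0` guard, and nothing in the hunk records that dependency. I would add a comment above the division such as `/* a and b are > 0 here, so INT_MAX / b cannot divide by zero; do not relax the guard above to < 0 */`. The change also turns a zero operand from success (the removed `return 0`) into a failure (`return 1`), so any caller that can legitimately pass a zero count or dimension now takes its error path. That contract deserves a header comment on overflow2, for example `/* returns 1 if a * b is unsafe: an operand is <= 0 or the product would exceed INT_MAX */`. The end of overflow2 lies outside the hunk, so the success return value is inferred from the removed lines.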