[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/gd gd.c /ext/gd/libgd gd.c
pajoye Tue Sep 11 21:03:48 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/gd gd.c /php-src/ext/gd/libgd gd.c Log: - [DOC] add alpha support for imagefilter's IMG_FILTER_COLORIZE http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.940r2=1.2027.2.547.2.941diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.940 php-src/NEWS:1.2027.2.547.2.941 --- php-src/NEWS:1.2027.2.547.2.940 Mon Sep 10 23:42:54 2007 +++ php-src/NEWSTue Sep 11 21:03:47 2007 @@ -11,6 +11,7 @@ - Upgraded PCRE to version 7.3 (Nuno) - Added optional parameter $provide_object to debug_backtrace(). (Sebastian) +- Added alpha support for imagefilter's IMG_FILTER_COLORIZE - Fixed Bug #42596 (session.save_path MODE option does not work). (Ilia) - Fixed bug #42590 (Make the engine recornize \v and \f escape sequences). http://cvs.php.net/viewvc.cgi/php-src/ext/gd/gd.c?r1=1.312.2.20.2.31r2=1.312.2.20.2.32diff_format=u Index: php-src/ext/gd/gd.c diff -u php-src/ext/gd/gd.c:1.312.2.20.2.31 php-src/ext/gd/gd.c:1.312.2.20.2.32 --- php-src/ext/gd/gd.c:1.312.2.20.2.31 Wed Aug 29 06:26:30 2007 +++ php-src/ext/gd/gd.c Tue Sep 11 21:03:48 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: gd.c,v 1.312.2.20.2.31 2007/08/29 06:26:30 pajoye Exp $ */ +/* $Id: gd.c,v 1.312.2.20.2.32 2007/09/11 21:03:48 pajoye Exp $ */ /* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center, Cold Spring Harbor Labs. */ @@ -5178,8 +5178,9 @@ zval *SIM; gdImagePtr im_src; long r,g,b,tmp; + long a = 0; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, r, SIM, tmp, r, g, b) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, r|l, SIM, tmp, r, g, b, a) == FAILURE) { RETURN_FALSE; } @@ -5189,7 +5190,7 @@ RETURN_FALSE; } - if (gdImageColor(im_src, (int) r, (int) g, (int) b) == 1) { + if (gdImageColor(im_src, (int) r, (int) g, (int) b, (int) a) == 1) { RETURN_TRUE; } 
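Review bot: The colorize offsets reach `gdImageColor` as `(int) r`, `(int) g`, `(int) b`, `(int) a` with no range check in this wrapper, and the libgd hunk of the same commit (`@@ -3807,15 +3807,14 @@`) removes what appears to be the only bounds test on `red`/`green`/`blue`, leaving just `src == NULL`. The per-pixel clamp runs after `r = r + red` (likewise for `g`, `b`, `a`), so a script-supplied offset near `INT_MAX` makes that addition overflow a signed int, which is undefined behaviour. A `long` outside the `int` range is also silently narrowed by the cast on 64-bit builds. I would reject out-of-range offsets before the call, for example `if (r < -255 || r > 255 || g < -255 || g > 255 || b < -255 || b > 255 || a < -127 || a > 127) { RETURN_FALSE; }`, which also keeps the previous failure behaviour for the colour offsets. The wrapper's body starts and ends outside these hunks.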
@@ -5298,7 +5299,7 @@ php_image_filter_smooth }; - if (ZEND_NUM_ARGS() 2 || ZEND_NUM_ARGS() 5) { + if (ZEND_NUM_ARGS() 2 || ZEND_NUM_ARGS() 6) { WRONG_PARAM_COUNT; } else if (zend_parse_parameters(2 TSRMLS_CC, rl, tmp, filtertype) == FAILURE) { return; http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?r1=1.90.2.1.2.20r2=1.90.2.1.2.21diff_format=u Index: php-src/ext/gd/libgd/gd.c diff -u php-src/ext/gd/libgd/gd.c:1.90.2.1.2.20 php-src/ext/gd/libgd/gd.c:1.90.2.1.2.21 --- php-src/ext/gd/libgd/gd.c:1.90.2.1.2.20 Sun Sep 9 13:05:51 2007 +++ php-src/ext/gd/libgd/gd.c Tue Sep 11 21:03:48 2007 @@ -3807,15 +3807,14 @@ } -int gdImageColor(gdImagePtr src, int red, int green, int blue) +int gdImageColor(gdImagePtr src, const int red, const int green, const int blue, const int alpha) { int x, y; - int r,g,b,a; int new_pxl, pxl; typedef int (*FuncPtr)(gdImagePtr, int, int); FuncPtr f; - if (src==NULL || (red-255||red255) || (green-255||green255) || (blue-255||blue255)) { + if (src == NULL) { return 0; } @@ -3823,6 +3822,8 @@ for (y=0; ysrc-sy; ++y) { for (x=0; xsrc-sx; ++x) { + int r,g,b,a; + pxl = f(src, x, y); r = gdImageRed(src, pxl); g = gdImageGreen(src, pxl); @@ -3832,14 +3833,16 @@ r = r + red; g = g + green; b = b + blue; + a = a + alpha; - r = (r 255)? 255 : ((r 0)? 0:r); - g = (g 255)? 255 : ((g 0)? 0:g); - b = (b 255)? 255 : ((b 0)? 0:b); + r = (r 255)? 255 : ((r 0)? 0 : r); + g = (g 255)? 255 : ((g 0)? 0 : g); + b = (b 255)? 255 : ((b 0)? 0 : b); + a = (a 127)? 127 : ((a 0)? 0 : a); - new_pxl = gdImageColorAllocateAlpha(src, (int)r, (int)g, (int)b, a); + new_pxl = gdImageColorAllocateAlpha(src, r, g, b, a); if (new_pxl == -1) { - new_pxl = gdImageColorClosestAlpha(src, (int)r, (int)g, (int)b, a); + new_pxl = gdImageColorClosestAlpha(src, r, g, b, a); } gdImageSetPixel (src, x, y, new_pxl); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
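Review bot: The new alpha clamp in the `@@ -3832,14 +3833,16 @@` hunk hard-codes `127` where libgd's `gdAlphaMax` names the same limit; `a = (a > gdAlphaMax)? gdAlphaMax : ((a < 0)? 0 : a);` ties the bound to the header and explains why its ceiling differs from the `255` colour clamps. `gdImageColor` also has no comment saying that `red`, `green`, `blue` and `alpha` are signed offsets added to each pixel rather than absolute values. A short header comment stating that, plus the clamped result ranges (0-255 for colour, 0-127 for alpha), would help callers now that the argument check at the top of the function is gone. The loop body continues outside this hunk.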
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/gd gd.c /ext/gd/libgd gd.c
tony2001Wed Jun 6 09:45:43 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/gd/libgd gd.c /php-src/ext/gd gd.c Log: MFH: fix several integer overflows in GD http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.762r2=1.2027.2.547.2.763diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.762 php-src/NEWS:1.2027.2.547.2.763 --- php-src/NEWS:1.2027.2.547.2.762 Wed Jun 6 08:35:44 2007 +++ php-src/NEWSWed Jun 6 09:45:43 2007 @@ -7,6 +7,8 @@ GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre) - Added missing open_basedir checks to CGI. (anight at eyelinkmedia dot com, Tony) +- Fixed several integer overflows in bundled GD library reported by + Mattias Bengtsson. (Tony) - Fixed PECL bug #11216 (crash in ZipArchive::addEmptyDir when a directory already exists). (Pierre) - Fixed bug #41608 (segfault on a weird code with objects and switch()). http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?r1=1.90.2.1.2.11r2=1.90.2.1.2.12diff_format=u Index: php-src/ext/gd/libgd/gd.c diff -u php-src/ext/gd/libgd/gd.c:1.90.2.1.2.11 php-src/ext/gd/libgd/gd.c:1.90.2.1.2.12 --- php-src/ext/gd/libgd/gd.c:1.90.2.1.2.11 Sat Apr 14 17:33:15 2007 +++ php-src/ext/gd/libgd/gd.c Wed Jun 6 09:45:43 2007 @@ -120,6 +120,15 @@ { int i; gdImagePtr im; + + if (overflow2(sx, sy)) { + return NULL; + } + + if (overflow2(sizeof(unsigned char *), sy)) { + return NULL; + } + im = (gdImage *) gdMalloc(sizeof(gdImage)); memset(im, 0, sizeof(gdImage)); /* Row-major ever since gd 1.3 */ @@ -162,6 +171,19 @@ { int i; gdImagePtr im; + + if (overflow2(sx, sy)) { + return NULL; + } + + if (overflow2(sizeof(unsigned char *), sy)) { + return NULL; + } + + if (overflow2(sizeof(int), sx)) { + return NULL; + } + im = (gdImage *) gdMalloc(sizeof(gdImage)); memset(im, 0, sizeof(gdImage)); im-tpixels = (int **) gdMalloc(sizeof(int *) * sy); 
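Review bot: `gdImageCreate` and `gdImageCreateTrueColor` can now return NULL before anything is allocated, which is a new failure mode for every caller, and nothing at either definition says so. This commit adds `if (!im)` guards only to the two PHP wrappers in ext/gd/gd.c (`@@ -1740,6 +1740,10 @@` and `@@ -2350,6 +2354,10 @@`). Any other caller that dereferences the result straight away would turn a rejected size into a NULL dereference, so the remaining call sites, which are not visible in this diff, are worth auditing. I would add a comment above each function such as `/* Returns NULL if sx * sy, a row, or the row-pointer array would overflow an int. */`. Both function bodies extend beyond their hunks.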
@@ -2404,6 +2426,14 @@ int *stx, *sty; /* We only need to use floating point to determine the correct stretch vector for one line's worth. */ double accum; + + if (overflow2(sizeof(int), srcW)) { + return; + } + if (overflow2(sizeof(int), srcH)) { + return; + } + stx = (int *) gdMalloc (sizeof (int) * srcW); sty = (int *) gdMalloc (sizeof (int) * srcH); accum = 0; @@ -3195,6 +3225,10 @@ return; } + if (overflow2(sizeof(int), n)) { + return; + } + if (c == gdAntiAliased) { fill_color = im-AA_color; } else { @@ -3209,6 +3243,9 @@ while (im-polyAllocated n) { im-polyAllocated *= 2; } + if (overflow2(sizeof(int), im-polyAllocated)) { + return; + } im-polyInts = (int *) gdRealloc(im-polyInts, sizeof(int) * im-polyAllocated); } miny = p[0].y; http://cvs.php.net/viewvc.cgi/php-src/ext/gd/gd.c?r1=1.312.2.20.2.28r2=1.312.2.20.2.29diff_format=u Index: php-src/ext/gd/gd.c diff -u php-src/ext/gd/gd.c:1.312.2.20.2.28 php-src/ext/gd/gd.c:1.312.2.20.2.29 --- php-src/ext/gd/gd.c:1.312.2.20.2.28 Sun Jun 3 17:46:18 2007 +++ php-src/ext/gd/gd.c Wed Jun 6 09:45:43 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: gd.c,v 1.312.2.20.2.28 2007/06/03 17:46:18 pajoye Exp $ */ +/* $Id: gd.c,v 1.312.2.20.2.29 2007/06/06 09:45:43 tony2001 Exp $ */ /* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center, Cold Spring Harbor Labs. */ @@ -1740,6 +1740,10 @@ im = gdImageCreateTrueColor(Z_LVAL_PP(x_size), Z_LVAL_PP(y_size)); + if (!im) { + RETURN_FALSE; + } + ZEND_REGISTER_RESOURCE(return_value, im, le_gd); } /* }}} */ @@ -2350,6 +2354,10 @@ im = gdImageCreate(Z_LVAL_PP(x_size), Z_LVAL_PP(y_size)); + if (!im) { + RETURN_FALSE; + } + ZEND_REGISTER_RESOURCE(return_value, im, le_gd); } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
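Review bot: In the `@@ -3209,6 +3243,9 @@` hunk the doubling loop writes the grown capacity into `im->polyAllocated` before the new `overflow2` check runs, so the early `return` leaves the image recording a capacity larger than the buffer behind `im->polyInts`. A later call on the same image whose `n` fits under that stale capacity would skip the reallocation; how `polyInts` is filled is outside the hunk, but if it is indexed up to `n`, that is a heap write past the real allocation. Computing the new capacity in a local and committing it only after the check and the `gdRealloc` keeps the two fields consistent. The enclosing `if` and the rest of the function lie outside the hunk, and in C89 the local has to be declared at the top of that block.

```c
int new_alloc = im->polyAllocated;

while (new_alloc < n) {
	new_alloc *= 2;
}
if (overflow2(sizeof(int), new_alloc)) {
	/* im->polyAllocated still matches the size of im->polyInts */
	return;
}
im->polyInts = (int *) gdRealloc(im->polyInts, sizeof(int) * new_alloc);
im->polyAllocated = new_alloc;
/* … unchanged: miny = p[0].y and what follows … */
```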
Re: [PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/gd gd.c /ext/gd/libgd gd.c
On 6/6/07, Antony Dovgal [EMAIL PROTECTED] wrote: tony2001Wed Jun 6 09:45:43 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/gd/libgd gd.c /php-src/ext/gd gd.c Log: MFH: fix several integer overflows in GD Can you be more specific? At least in the NEWS entry, by listing the affected functions. Thanks again for the patch! :) --Pierre -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/gd gd.c /ext/gd/libgd gd.c
On 06.06.2007 14:00, Pierre wrote: On 6/6/07, Antony Dovgal [EMAIL PROTECTED] wrote: tony2001Wed Jun 6 09:45:43 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/gd/libgd gd.c /php-src/ext/gd gd.c Log: MFH: fix several integer overflows in GD Can you be more specific? At least in the NEWS entry, by listing the affected functions.Thanks again for the patch! :) Sure. Is this good enough? Index: NEWS === RCS file: /repository/php-src/NEWS,v retrieving revision 1.2027.2.547.2.763 diff -u -p -d -r1.2027.2.547.2.763 NEWS --- NEWS6 Jun 2007 09:45:43 - 1.2027.2.547.2.763 +++ NEWS6 Jun 2007 11:21:10 - @@ -7,8 +7,9 @@ PHP GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre) - Added missing open_basedir checks to CGI. (anight at eyelinkmedia dot com, Tony) -- Fixed several integer overflows in bundled GD library reported by - Mattias Bengtsson. (Tony) +- Fixed several integer overflows in ImageCreate(), ImageCreateTrueColor(), + ImageCopyResampled() and ImageFilledPolygon() reported by Mattias Bengtsson. + (Tony) - Fixed PECL bug #11216 (crash in ZipArchive::addEmptyDir when a directory already exists). (Pierre) - Fixed bug #41608 (segfault on a weird code with objects and switch()). -- Wbr, Antony Dovgal -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/gd gd.c /ext/gd/libgd gd.c
On 6/6/07, Antony Dovgal [EMAIL PROTECTED] wrote: On 06.06.2007 14:00, Pierre wrote: On 6/6/07, Antony Dovgal [EMAIL PROTECTED] wrote: tony2001Wed Jun 6 09:45:43 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/gd/libgd gd.c /php-src/ext/gd gd.c Log: MFH: fix several integer overflows in GD Can you be more specific? At least in the NEWS entry, by listing the affected functions.Thanks again for the patch! :) Sure. Is this good enough? It is perfect, thanks :) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php