[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/gd gd.c /ext/gd/libgd gd.c
pajoye Tue Sep 11 21:03:48 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-srcNEWS
/php-src/ext/gd gd.c
/php-src/ext/gd/libgd gd.c
Log:
- [DOC] add alpha support for imagefilter's IMG_FILTER_COLORIZE
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.940r2=1.2027.2.547.2.941diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.940 php-src/NEWS:1.2027.2.547.2.941
--- php-src/NEWS:1.2027.2.547.2.940 Mon Sep 10 23:42:54 2007
+++ php-src/NEWSTue Sep 11 21:03:47 2007
@@ -11,6 +11,7 @@
- Upgraded PCRE to version 7.3 (Nuno)
- Added optional parameter $provide_object to debug_backtrace(). (Sebastian)
+- Added alpha support for imagefilter's IMG_FILTER_COLORIZE
- Fixed Bug #42596 (session.save_path MODE option does not work). (Ilia)
- Fixed bug #42590 (Make the engine recornize \v and \f escape sequences).
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/gd.c?r1=1.312.2.20.2.31r2=1.312.2.20.2.32diff_format=u
Index: php-src/ext/gd/gd.c
diff -u php-src/ext/gd/gd.c:1.312.2.20.2.31 php-src/ext/gd/gd.c:1.312.2.20.2.32
--- php-src/ext/gd/gd.c:1.312.2.20.2.31 Wed Aug 29 06:26:30 2007
+++ php-src/ext/gd/gd.c Tue Sep 11 21:03:48 2007
@@ -18,7 +18,7 @@
+--+
*/
-/* $Id: gd.c,v 1.312.2.20.2.31 2007/08/29 06:26:30 pajoye Exp $ */
+/* $Id: gd.c,v 1.312.2.20.2.32 2007/09/11 21:03:48 pajoye Exp $ */
/* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center,
Cold Spring Harbor Labs. */
@@ -5178,8 +5178,9 @@
zval *SIM;
gdImagePtr im_src;
long r,g,b,tmp;
+ long a = 0;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, r, SIM,
tmp, r, g, b) == FAILURE) {
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, r|l, SIM,
tmp, r, g, b, a) == FAILURE) {
RETURN_FALSE;
}
@@ -5189,7 +5190,7 @@
RETURN_FALSE;
}
- if (gdImageColor(im_src, (int) r, (int) g, (int) b) == 1) {
+ if (gdImageColor(im_src, (int) r, (int) g, (int) b, (int) a) == 1) {
RETURN_TRUE;
}
@@ -5298,7 +5299,7 @@
php_image_filter_smooth
};
- if (ZEND_NUM_ARGS() 2 || ZEND_NUM_ARGS() 5) {
+ if (ZEND_NUM_ARGS() 2 || ZEND_NUM_ARGS() 6) {
WRONG_PARAM_COUNT;
} else if (zend_parse_parameters(2 TSRMLS_CC, rl, tmp, filtertype)
== FAILURE) {
return;
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?r1=1.90.2.1.2.20r2=1.90.2.1.2.21diff_format=u
Index: php-src/ext/gd/libgd/gd.c
diff -u php-src/ext/gd/libgd/gd.c:1.90.2.1.2.20
php-src/ext/gd/libgd/gd.c:1.90.2.1.2.21
--- php-src/ext/gd/libgd/gd.c:1.90.2.1.2.20 Sun Sep 9 13:05:51 2007
+++ php-src/ext/gd/libgd/gd.c Tue Sep 11 21:03:48 2007
@@ -3807,15 +3807,14 @@
}
-int gdImageColor(gdImagePtr src, int red, int green, int blue)
+int gdImageColor(gdImagePtr src, const int red, const int green, const int
blue, const int alpha)
{
int x, y;
- int r,g,b,a;
int new_pxl, pxl;
typedef int (*FuncPtr)(gdImagePtr, int, int);
FuncPtr f;
- if (src==NULL || (red-255||red255) || (green-255||green255) ||
(blue-255||blue255)) {
+ if (src == NULL) {
return 0;
}
@@ -3823,6 +3822,8 @@
for (y=0; ysrc-sy; ++y) {
for (x=0; xsrc-sx; ++x) {
+ int r,g,b,a;
+
pxl = f(src, x, y);
r = gdImageRed(src, pxl);
g = gdImageGreen(src, pxl);
@@ -3832,14 +3833,16 @@
r = r + red;
g = g + green;
b = b + blue;
+ a = a + alpha;
- r = (r 255)? 255 : ((r 0)? 0:r);
- g = (g 255)? 255 : ((g 0)? 0:g);
- b = (b 255)? 255 : ((b 0)? 0:b);
+ r = (r 255)? 255 : ((r 0)? 0 : r);
+ g = (g 255)? 255 : ((g 0)? 0 : g);
+ b = (b 255)? 255 : ((b 0)? 0 : b);
+ a = (a 127)? 127 : ((a 0)? 0 : a);
- new_pxl = gdImageColorAllocateAlpha(src, (int)r,
(int)g, (int)b, a);
+ new_pxl = gdImageColorAllocateAlpha(src, r, g, b, a);
if (new_pxl == -1) {
- new_pxl = gdImageColorClosestAlpha(src, (int)r,
(int)g, (int)b, a);
+ new_pxl = gdImageColorClosestAlpha(src, r, g,
b, a);
}
gdImageSetPixel (src, x, y, new_pxl);
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/gd gd.c /ext/gd/libgd gd.c
tony2001Wed Jun 6 09:45:43 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-srcNEWS
/php-src/ext/gd/libgd gd.c
/php-src/ext/gd gd.c
Log:
MFH: fix several integer overflows in GD
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.762r2=1.2027.2.547.2.763diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.762 php-src/NEWS:1.2027.2.547.2.763
--- php-src/NEWS:1.2027.2.547.2.762 Wed Jun 6 08:35:44 2007
+++ php-src/NEWSWed Jun 6 09:45:43 2007
@@ -7,6 +7,8 @@
GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre)
- Added missing open_basedir checks to CGI. (anight at eyelinkmedia dot com,
Tony)
+- Fixed several integer overflows in bundled GD library reported by
+ Mattias Bengtsson. (Tony)
- Fixed PECL bug #11216 (crash in ZipArchive::addEmptyDir when a directory
already exists). (Pierre)
- Fixed bug #41608 (segfault on a weird code with objects and switch()).
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?r1=1.90.2.1.2.11r2=1.90.2.1.2.12diff_format=u
Index: php-src/ext/gd/libgd/gd.c
diff -u php-src/ext/gd/libgd/gd.c:1.90.2.1.2.11
php-src/ext/gd/libgd/gd.c:1.90.2.1.2.12
--- php-src/ext/gd/libgd/gd.c:1.90.2.1.2.11 Sat Apr 14 17:33:15 2007
+++ php-src/ext/gd/libgd/gd.c Wed Jun 6 09:45:43 2007
@@ -120,6 +120,15 @@
{
int i;
gdImagePtr im;
+
+ if (overflow2(sx, sy)) {
+ return NULL;
+ }
+
+ if (overflow2(sizeof(unsigned char *), sy)) {
+ return NULL;
+ }
+
im = (gdImage *) gdMalloc(sizeof(gdImage));
memset(im, 0, sizeof(gdImage));
/* Row-major ever since gd 1.3 */
@@ -162,6 +171,19 @@
{
int i;
gdImagePtr im;
+
+ if (overflow2(sx, sy)) {
+ return NULL;
+ }
+
+ if (overflow2(sizeof(unsigned char *), sy)) {
+ return NULL;
+ }
+
+ if (overflow2(sizeof(int), sx)) {
+ return NULL;
+ }
+
im = (gdImage *) gdMalloc(sizeof(gdImage));
memset(im, 0, sizeof(gdImage));
im-tpixels = (int **) gdMalloc(sizeof(int *) * sy);
@@ -2404,6 +2426,14 @@
int *stx, *sty;
/* We only need to use floating point to determine the correct stretch
vector for one line's worth. */
double accum;
+
+ if (overflow2(sizeof(int), srcW)) {
+ return;
+ }
+ if (overflow2(sizeof(int), srcH)) {
+ return;
+ }
+
stx = (int *) gdMalloc (sizeof (int) * srcW);
sty = (int *) gdMalloc (sizeof (int) * srcH);
accum = 0;
@@ -3195,6 +3225,10 @@
return;
}
+ if (overflow2(sizeof(int), n)) {
+ return;
+ }
+
if (c == gdAntiAliased) {
fill_color = im-AA_color;
} else {
@@ -3209,6 +3243,9 @@
while (im-polyAllocated n) {
im-polyAllocated *= 2;
}
+ if (overflow2(sizeof(int), im-polyAllocated)) {
+ return;
+ }
im-polyInts = (int *) gdRealloc(im-polyInts, sizeof(int) *
im-polyAllocated);
}
miny = p[0].y;
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/gd.c?r1=1.312.2.20.2.28r2=1.312.2.20.2.29diff_format=u
Index: php-src/ext/gd/gd.c
diff -u php-src/ext/gd/gd.c:1.312.2.20.2.28 php-src/ext/gd/gd.c:1.312.2.20.2.29
--- php-src/ext/gd/gd.c:1.312.2.20.2.28 Sun Jun 3 17:46:18 2007
+++ php-src/ext/gd/gd.c Wed Jun 6 09:45:43 2007
@@ -18,7 +18,7 @@
+--+
*/
-/* $Id: gd.c,v 1.312.2.20.2.28 2007/06/03 17:46:18 pajoye Exp $ */
+/* $Id: gd.c,v 1.312.2.20.2.29 2007/06/06 09:45:43 tony2001 Exp $ */
/* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center,
Cold Spring Harbor Labs. */
@@ -1740,6 +1740,10 @@
im = gdImageCreateTrueColor(Z_LVAL_PP(x_size), Z_LVAL_PP(y_size));
+ if (!im) {
+ RETURN_FALSE;
+ }
+
ZEND_REGISTER_RESOURCE(return_value, im, le_gd);
}
/* }}} */
@@ -2350,6 +2354,10 @@
im = gdImageCreate(Z_LVAL_PP(x_size), Z_LVAL_PP(y_size));
+ if (!im) {
+ RETURN_FALSE;
+ }
+
ZEND_REGISTER_RESOURCE(return_value, im, le_gd);
}
/* }}} */
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/gd gd.c /ext/gd/libgd gd.c
On 6/6/07, Antony Dovgal [EMAIL PROTECTED] wrote: tony2001Wed Jun 6 09:45:43 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/gd/libgd gd.c /php-src/ext/gd gd.c Log: MFH: fix several integer overflows in GD Can you be more specific? At least in the NEWS entry, by listing the affected functions.Thanks again for the patch! :) --Pierre -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/gd gd.c /ext/gd/libgd gd.c
On 06.06.2007 14:00, Pierre wrote: On 6/6/07, Antony Dovgal [EMAIL PROTECTED] wrote: tony2001Wed Jun 6 09:45:43 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/gd/libgd gd.c /php-src/ext/gd gd.c Log: MFH: fix several integer overflows in GD Can you be more specific? At least in the NEWS entry, by listing the affected functions.Thanks again for the patch! :) Sure. Is this good enough? Index: NEWS === RCS file: /repository/php-src/NEWS,v retrieving revision 1.2027.2.547.2.763 diff -u -p -d -r1.2027.2.547.2.763 NEWS --- NEWS6 Jun 2007 09:45:43 - 1.2027.2.547.2.763 +++ NEWS6 Jun 2007 11:21:10 - @@ -7,8 +7,9 @@ PHP GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre) - Added missing open_basedir checks to CGI. (anight at eyelinkmedia dot com, Tony) -- Fixed several integer overflows in bundled GD library reported by - Mattias Bengtsson. (Tony) +- Fixed several integer overflows in ImageCreate(), ImageCreateTrueColor(), + ImageCopyResampled() and ImageFilledPolygon() reported by Mattias Bengtsson. + (Tony) - Fixed PECL bug #11216 (crash in ZipArchive::addEmptyDir when a directory already exists). (Pierre) - Fixed bug #41608 (segfault on a weird code with objects and switch()). -- Wbr, Antony Dovgal -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/gd gd.c /ext/gd/libgd gd.c
On 6/6/07, Antony Dovgal [EMAIL PROTECTED] wrote: On 06.06.2007 14:00, Pierre wrote: On 6/6/07, Antony Dovgal [EMAIL PROTECTED] wrote: tony2001Wed Jun 6 09:45:43 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS /php-src/ext/gd/libgd gd.c /php-src/ext/gd gd.c Log: MFH: fix several integer overflows in GD Can you be more specific? At least in the NEWS entry, by listing the affected functions.Thanks again for the patch! :) Sure. Is this good enough? It is perfect, thanks :) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
