Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd.c

2007-06-17 Thread Nuno Lopes
On 6/15/07, Stanislav Malyshev [EMAIL PROTECTED] wrote: + pts = (char *) ecalloc(im-sy * im-sx, sizeof(char)); I don't see any overflow checks around, are you sure it's safe? Checks are done in gdImageCreate* --Pierre Ah, exactly. That explains why I wasn't able to crash it :-) Nuno

Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd.c

2007-06-16 Thread Pierre
On 6/15/07, Stanislav Malyshev [EMAIL PROTECTED] wrote: + pts = (char *) ecalloc(im-sy * im-sx, sizeof(char)); I don't see any overflow checks around, are you sure it's safe? Checks are done in gdImageCreate* --Pierre -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit:

Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd.c

2007-06-15 Thread Stanislav Malyshev
+ pts = (char *) ecalloc(im-sy * im-sx, sizeof(char)); I don't see any overflow checks around, are you sure it's safe? -- Stanislav Malyshev, Zend Products Engineer [EMAIL PROTECTED] http://www.zend.com/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit:

Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd.c

2007-06-15 Thread Nuno Lopes
Ah! good point, thanks. I'll check it out. Nuno - Original Message - + pts = (char *) ecalloc(im-sy * im-sx, sizeof(char)); I don't see any overflow checks around, are you sure it's safe? -- Stanislav Malyshev, Zend Products Engineer [EMAIL PROTECTED] http://www.zend.com/ -- PHP

Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd.c

2007-01-14 Thread Nuno Lopes
As the commit log says, I fixed a few valgrind warnings in the bug24594.phpt test (it was reading one past the end of the array). The log is still available at http://gcov.php.net/viewer.php?version=PHP_5_2func=valgrindfile=ext%2Fgd%2Ftests%2Fbug24594.phpt the fix is this part: - for (; x=wx2

Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd.c

2007-01-14 Thread Pierre
Hello Nuno, On 1/14/07, Nuno Lopes [EMAIL PROTECTED] wrote: It is reproducible everywhere, I must say (including my pc). wx2 is the size of the array, so you can only read from idx 0 to (wx2-1). Reading idx wx2 doesn't make sense. Right, I was wondering why valgrind don't say a word here,

Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd.c

2007-01-13 Thread Pierre
Hello Nuno, On 1/13/07, Nuno Lopes [EMAIL PROTECTED] wrote: nlopess Sat Jan 13 11:16:15 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/gd/libgd gd.c Log: fix valgrind error in test bug24594.phpt while at it, remove some dead code and change the

Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd.c

2007-01-13 Thread Nuno Lopes
On 1/13/07, Nuno Lopes [EMAIL PROTECTED] wrote: nlopess Sat Jan 13 11:16:15 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/gd/libgd gd.c Log: fix valgrind error in test bug24594.phpt while at it, remove some dead code and change the pts vector to

Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd.c

2007-01-13 Thread Pierre
Hello Nuno, On 1/13/07, Nuno Lopes [EMAIL PROTECTED] wrote: On 1/13/07, Nuno Lopes [EMAIL PROTECTED] wrote: nlopess Sat Jan 13 11:16:15 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/gd/libgd gd.c Log: fix valgrind error in test bug24594.phpt