iliaa Wed Feb 23 18:39:36 2005 EDT
Modified files:
/php-src/ext/standard image.c
Log:
Additional safety checks.
# More to follow
http://cvs.php.net/diff.php/php-src/ext/standard/image.c?r1=1.103&r2=1.104&ty=u
Index: php-src/ext/standard/image.c
diff -u php-src/ext/standard/image.c:1.103 php-src/ext/standard/image.c:1.104
--- php-src/ext/standard/image.c:1.103 Wed Feb 23 17:49:32 2005
+++ php-src/ext/standard/image.c Wed Feb 23 18:39:36 2005
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: image.c,v 1.103 2005/02/23 22:49:32 helly Exp $ */
+/* $Id: image.c,v 1.104 2005/02/23 23:39:36 iliaa Exp $ */
#include "php.h"
#include <stdio.h>
@@ -636,6 +636,10 @@
dummy_int = php_read4(stream TSRMLS_CC); /* YTOsiz */
result->channels = php_read2(stream TSRMLS_CC); /* Csiz */
+ if (result->channels < 0 || result->channels > 256) {
+ efree(result);
+ return NULL;
+ }
/* Collect bit depth info */
highest_bit_depth = bit_depth = 0;
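Review bot: The `result->channels < 0` half of the new guard depends on the declared type of `channels`, which is not visible in this hunk; if the field is unsigned, that comparison can never be true and only the `> 256` bound does any work. A Csiz of 0 still passes the guard, so a header declaring no components is accepted and the bit-depth collection that follows has nothing to read. If that is not intended, `if (result->channels == 0 || result->channels > 256) {` states the accepted range directly. The limit 256 is unexplained, and a one-line comment such as `/* reject implausible component counts from untrusted headers */` would record the reason for it. The enclosing function starts and ends outside this hunk.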
@@ -683,7 +687,7 @@
break;
}
- if (box_length == 1) {
+ if (box_length <= 1) {
/* We won't handle XLBoxes */
return NULL;
}
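Review bot: Lengths 2 through 7 still pass the `box_length <= 1` guard, although the seek in the next hunk computes `box_length - 8`, which is negative for those values (or wraps to a very large offset if `box_length` is unsigned; its declaration is outside the hunk). Per the comment above that seek, LBox counts the 8-byte LBox/TBox header itself, so anything below 8 cannot describe a valid box. Writing the test as `if (box_length < 8) {` would cover 0, the XLBox marker 1 and the malformed short values at once. The comment `/* We won't handle XLBoxes */` no longer matches the condition and could become `/* LBox 0 (runs to EOF), 1 (XLBox) and lengths shorter than the box header are not handled */`. The enclosing loop starts and ends outside this hunk.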
@@ -698,7 +702,9 @@
}
/* Skip over LBox (Which includes both TBox and LBox itself */
- php_stream_seek(stream, box_length - 8, SEEK_CUR);
+ if (php_stream_seek(stream, box_length - 8, SEEK_CUR)) {
+ break;
+ }
}
if (result == NULL) {