Oh right, should be fixed there too. I will merge the fix once I'm back home. Thanks for the heads up.
On Wed, Dec 8, 2010 at 1:26 PM, Ilia Alshanetsky <i...@prohost.org> wrote: > What about 5.2? > > On Wed, Dec 8, 2010 at 3:45 AM, Pierre Joye <paj...@php.net> wrote: >> pajoye Wed, 08 Dec 2010 08:45:56 +0000 >> >> Revision: http://svn.php.net/viewvc?view=revision&revision=306075 >> >> Log: >> - Fix #53492, fix crash if aa steps are invalid >> >> Bug: http://bugs.php.net/53492 (Assigned) Stack buffer overflow in >> imagepstext >> >> Changed paths: >> U php/php-src/branches/PHP_5_3/NEWS >> U php/php-src/branches/PHP_5_3/ext/gd/gd.c >> U php/php-src/trunk/ext/gd/gd.c >> >> Modified: php/php-src/branches/PHP_5_3/NEWS >> =================================================================== >> --- php/php-src/branches/PHP_5_3/NEWS 2010-12-08 08:20:44 UTC (rev 306074) >> +++ php/php-src/branches/PHP_5_3/NEWS 2010-12-08 08:45:56 UTC (rev 306075) >> @@ -207,7 +207,10 @@ >> and trailing :: in the filter extension). (Gustavo) >> . Fixed bug #50117 (problems in the validation of IPv6 addresses with IPv4 >> addresses and ::). (Gustavo) >> - >> + >> +- GD extension: >> + . Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). >> (Pierre) >> + >> - GMP extension: >> . Fixed bug #52906 (gmp_mod returns negative result when non-negative is >> expected). (Stas) >> >> Modified: php/php-src/branches/PHP_5_3/ext/gd/gd.c >> =================================================================== >> --- php/php-src/branches/PHP_5_3/ext/gd/gd.c 2010-12-08 08:20:44 UTC (rev >> 306074) >> +++ php/php-src/branches/PHP_5_3/ext/gd/gd.c 2010-12-08 08:45:56 UTC (rev >> 306075) 
>> @@ -4228,6 +4228,11 @@ >> return; >> } >> >> + if (aa_steps != 4 || aa_steps != 16) { >> + php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must >> be 4 or 16"); >> + RETURN_FALSE; >> + } >> + >> ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd); >> ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", >> le_ps_font); >> >> >> Modified: php/php-src/trunk/ext/gd/gd.c >> =================================================================== >> --- php/php-src/trunk/ext/gd/gd.c 2010-12-08 08:20:44 UTC (rev 306074) >> +++ php/php-src/trunk/ext/gd/gd.c 2010-12-08 08:45:56 UTC (rev 306075) >> @@ -4290,6 +4290,11 @@ >> return; >> } >> >> + if (aa_steps != 4 || aa_steps != 16) { >> + php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must >> be 4 or 16"); >> + RETURN_FALSE; >> + } >> + >> ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd); >> ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", >> le_ps_font); >> >> >> >> -- >> PHP CVS Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> > > -- > PHP CVS Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
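Review bot: The added check in both gd.c hunks (branches/PHP_5_3 at -4228 and trunk at -4290), `if (aa_steps != 4 || aa_steps != 16)`, is true for every value of aa_steps, because no value equals both 4 and 16. As written, the valid inputs 4 and 16 also hit the "AA steps must be 4 or 16" warning and RETURN_FALSE, so the ZEND_FETCH_RESOURCE lines below are never reached. The condition needs a logical AND: `if (aa_steps != 4 && aa_steps != 16) {`. The same correction applies to any 5.2 backport of this check.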