[PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd.c /ext/gd/tests bug43121.gif bug43121.phpt

2007-11-04 Thread Mattias Bengtsson
mattias Sun Nov  4 23:56:00 2007 UTC

  Added files: (Branch: PHP_5_2)
/php-src/ext/gd/tests   bug43121.gif bug43121.phpt 

  Modified files:  
/php-src/ext/gd/libgd   gd.c 
  Log:
  - Fixed Bug #43121 (gdImageFill with IMG_COLOR_TILED crashes httpd)
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?r1=1.90.2.1.2.21r2=1.90.2.1.2.22diff_format=u
Index: php-src/ext/gd/libgd/gd.c
diff -u php-src/ext/gd/libgd/gd.c:1.90.2.1.2.21 
php-src/ext/gd/libgd/gd.c:1.90.2.1.2.22
--- php-src/ext/gd/libgd/gd.c:1.90.2.1.2.21 Tue Sep 11 21:03:48 2007
+++ php-src/ext/gd/libgd/gd.c   Sun Nov  4 23:56:00 2007
@@ -2050,14 +2050,14 @@
 
 static void _gdImageFillTiled(gdImagePtr im, int x, int y, int nc)
 {
-   int l, x1, x2, dy;
+   int i, l, x1, x2, dy;
int oc;   /* old pixel value */
int tiled;
int wx2,wy2;
/* stack of filled segments */
struct seg *stack;
struct seg *sp;
-   char *pts;
+   char **pts;
 
if (!im-tile) {
return;
@@ -2067,7 +2067,11 @@
tiled = nc==gdTiled;
 
nc =  gdImageTileGet(im,x,y);
-   pts = (char *) ecalloc(im-sy * im-sx, sizeof(char));
+
+   pts = (char **) ecalloc(im-sy + 1, sizeof(char *));
+   for (i = 0; i  im-sy + 1; i++) {
+   pts[i] = (char *) ecalloc(im-sx + 1, sizeof(char));
+   }
 
stack = (struct seg *)safe_emalloc(sizeof(struct seg), 
((int)(im-sy*im-sx)/4), 1);
sp = stack;
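Review bot: The `+ 1` on both dimensions of the new visited table (`im->sy + 1` rows of `im->sx + 1` bytes each) is unexplained, so a reader cannot tell whether it is deliberate slack for an index that can reach `im->sy` or `im->sx`, or just padding. A short comment above the allocation, for example `/* pts[y][x] != 0 once (x,y) has been tiled; one spare row and column as slack */`, would record the intent once it has been checked against the scan loops. The context line that sizes `stack` still computes `im->sy*im->sx` in `int` before `safe_emalloc` sees it, so that product is only as safe as whatever bounds the image dimensions at creation time. `_gdImageFillTiled` starts and ends outside this hunk, and the same hunk is merged unchanged to PHP_5_3 and HEAD further down the page.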
@@ -2080,9 +2084,9 @@
FILL_PUSH(y+1, x, x, -1);
while (spstack) {
FILL_POP(y, x1, x2, dy);
-   for (x=x1; x=0  (!pts[y + x*wx2]  
gdImageGetPixel(im,x,y)==oc); x--) {
+   for (x=x1; x=0  (!pts[y][x]  gdImageGetPixel(im,x,y)==oc); 
x--) {
nc = gdImageTileGet(im,x,y);
-   pts[y + x*wx2]=1;
+   pts[y][x] = 1;
gdImageSetPixel(im,x, y, nc);
}
if (x=x1) {
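Review bot: Both `pts[y][x]` accesses in this leftward scan bound `x` with `x>=0` but take `y` straight from `FILL_POP`, so the row index is only safe if every pushed segment keeps `y` inside the `im->sy + 1` rows allocated earlier. `FILL_PUSH` and `FILL_POP` are defined outside the diff, so that cannot be confirmed from here. If they do range-check against `wy2`, a comment such as `/* y is range-checked by FILL_PUSH */` beside the first access would make the invariant visible. The same applies to the `pts[y][x]` accesses in the two following hunks (the rightward scan and the `skip:` loop). This loop sits inside `_gdImageFillTiled`, which starts and ends outside this hunk.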
@@ -2096,9 +2100,9 @@
}
x = x1+1;
do {
-   for (; xwx2  (!pts[y + x*wx2]  
gdImageGetPixel(im,x, y)==oc) ; x++) {
+   for(; xwx2  (!pts[y][x]  gdImageGetPixel(im,x, 
y)==oc); x++) {
nc = gdImageTileGet(im,x,y);
-   pts[y + x*wx2]=1;
+   pts[y][x] = 1;
gdImageSetPixel(im, x, y, nc);
}
FILL_PUSH(y, l, x-1, dy);
@@ -2106,11 +2110,15 @@
if (xx2+1) {
FILL_PUSH(y, x2+1, x-1, -dy);
}
-skip:  for (x++; x=x2  (pts[y + x*wx2] || 
gdImageGetPixel(im,x, y)!=oc); x++);
+skip:  for(x++; x=x2  (pts[y][x] || gdImageGetPixel(im,x, y)!=oc); 
x++);
l = x;
} while (x=x2);
}
 
+   for(i = 0; i  im-sy + 1; i++) {
+   efree(pts[i]);
+   }
+
efree(pts);
efree(stack);
 }
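Review bot: The cleanup loop repeats the row count `im->sy + 1` from the allocation instead of sharing it, so a later edit to one site and not the other would either leak rows or walk past the end of the pointer table. Capturing the count once, e.g. `int rows = im->sy + 1;` at the allocation and `for (i = 0; i < rows; i++) efree(pts[i]);` here, keeps the two in step. Any return path added between the allocation and this point would also have to run the same loop before `efree(pts)`. The allocation is in an earlier hunk of `_gdImageFillTiled`.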

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.phpt?view=markuprev=1.1
Index: php-src/ext/gd/tests/bug43121.phpt
+++ php-src/ext/gd/tests/bug43121.phpt




[PHP-CVS] cvs: php-src(PHP_5_3) /ext/gd/libgd gd.c /ext/gd/tests bug43121.gif bug43121.phpt

2007-11-04 Thread Mattias Bengtsson
mattias Sun Nov  4 23:56:41 2007 UTC

  Added files: (Branch: PHP_5_3)
/php-src/ext/gd/tests   bug43121.gif bug43121.phpt 

  Modified files:  
/php-src/ext/gd/libgd   gd.c 
  Log:
  -MFB, Fixed Bug #43121 (gdImageFill with IMG_COLOR_TILED crashes httpd)
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?r1=1.90.2.1.2.21r2=1.90.2.1.2.21.2.1diff_format=u
Index: php-src/ext/gd/libgd/gd.c
diff -u php-src/ext/gd/libgd/gd.c:1.90.2.1.2.21 
php-src/ext/gd/libgd/gd.c:1.90.2.1.2.21.2.1
--- php-src/ext/gd/libgd/gd.c:1.90.2.1.2.21 Tue Sep 11 21:03:48 2007
+++ php-src/ext/gd/libgd/gd.c   Sun Nov  4 23:56:41 2007
@@ -2050,14 +2050,14 @@
 
 static void _gdImageFillTiled(gdImagePtr im, int x, int y, int nc)
 {
-   int l, x1, x2, dy;
+   int i, l, x1, x2, dy;
int oc;   /* old pixel value */
int tiled;
int wx2,wy2;
/* stack of filled segments */
struct seg *stack;
struct seg *sp;
-   char *pts;
+   char **pts;
 
if (!im-tile) {
return;
@@ -2067,7 +2067,11 @@
tiled = nc==gdTiled;
 
nc =  gdImageTileGet(im,x,y);
-   pts = (char *) ecalloc(im-sy * im-sx, sizeof(char));
+
+   pts = (char **) ecalloc(im-sy + 1, sizeof(char *));
+   for (i = 0; i  im-sy + 1; i++) {
+   pts[i] = (char *) ecalloc(im-sx + 1, sizeof(char));
+   }
 
stack = (struct seg *)safe_emalloc(sizeof(struct seg), 
((int)(im-sy*im-sx)/4), 1);
sp = stack;
@@ -2080,9 +2084,9 @@
FILL_PUSH(y+1, x, x, -1);
while (spstack) {
FILL_POP(y, x1, x2, dy);
-   for (x=x1; x=0  (!pts[y + x*wx2]  
gdImageGetPixel(im,x,y)==oc); x--) {
+   for (x=x1; x=0  (!pts[y][x]  gdImageGetPixel(im,x,y)==oc); 
x--) {
nc = gdImageTileGet(im,x,y);
-   pts[y + x*wx2]=1;
+   pts[y][x] = 1;
gdImageSetPixel(im,x, y, nc);
}
if (x=x1) {
@@ -2096,9 +2100,9 @@
}
x = x1+1;
do {
-   for (; xwx2  (!pts[y + x*wx2]  
gdImageGetPixel(im,x, y)==oc) ; x++) {
+   for(; xwx2  (!pts[y][x]  gdImageGetPixel(im,x, 
y)==oc); x++) {
nc = gdImageTileGet(im,x,y);
-   pts[y + x*wx2]=1;
+   pts[y][x] = 1;
gdImageSetPixel(im, x, y, nc);
}
FILL_PUSH(y, l, x-1, dy);
@@ -2106,11 +2110,15 @@
if (xx2+1) {
FILL_PUSH(y, x2+1, x-1, -dy);
}
-skip:  for (x++; x=x2  (pts[y + x*wx2] || 
gdImageGetPixel(im,x, y)!=oc); x++);
+skip:  for(x++; x=x2  (pts[y][x] || gdImageGetPixel(im,x, y)!=oc); 
x++);
l = x;
} while (x=x2);
}
 
+   for(i = 0; i  im-sy + 1; i++) {
+   efree(pts[i]);
+   }
+
efree(pts);
efree(stack);
 }

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.phpt?view=markuprev=1.1
Index: php-src/ext/gd/tests/bug43121.phpt
+++ php-src/ext/gd/tests/bug43121.phpt




[PHP-CVS] cvs: php-src /ext/gd/libgd gd.c /ext/gd/tests bug43121.gif bug43121.phpt

2007-11-04 Thread Mattias Bengtsson
mattias Sun Nov  4 23:57:07 2007 UTC

  Modified files:  
/php-src/ext/gd/libgd   gd.c 
/php-src/ext/gd/tests   bug43121.gif bug43121.phpt 
  Log:
  -MFB, Fixed Bug #43121 (gdImageFill with IMG_COLOR_TILED crashes httpd)
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?r1=1.113r2=1.114diff_format=u
Index: php-src/ext/gd/libgd/gd.c
diff -u php-src/ext/gd/libgd/gd.c:1.113 php-src/ext/gd/libgd/gd.c:1.114
--- php-src/ext/gd/libgd/gd.c:1.113 Tue Sep 11 21:07:04 2007
+++ php-src/ext/gd/libgd/gd.c   Sun Nov  4 23:57:07 2007
@@ -2047,14 +2047,14 @@
 
 static void _gdImageFillTiled(gdImagePtr im, int x, int y, int nc)
 {
-   int l, x1, x2, dy;
+   int i, l, x1, x2, dy;
int oc;   /* old pixel value */
int tiled;
int wx2,wy2;
/* stack of filled segments */
struct seg *stack;
struct seg *sp;
-   char *pts;
+   char **pts;
 
if (!im-tile) {
return;
@@ -2064,7 +2064,11 @@
tiled = nc==gdTiled;
 
nc =  gdImageTileGet(im,x,y);
-   pts = (char *) ecalloc(im-sy * im-sx, sizeof(char));
+
+   pts = (char **) ecalloc(im-sy + 1, sizeof(char *));
+   for (i = 0; i  im-sy + 1; i++) {
+   pts[i] = (char *) ecalloc(im-sx + 1, sizeof(char));
+   }
 
stack = (struct seg *)safe_emalloc(sizeof(struct seg), 
((int)(im-sy*im-sx)/4), 1);
sp = stack;
@@ -2077,9 +2081,9 @@
FILL_PUSH(y+1, x, x, -1);
while (spstack) {
FILL_POP(y, x1, x2, dy);
-   for (x=x1; x=0  (!pts[y + x*wx2]  
gdImageGetPixel(im,x,y)==oc); x--) {
+   for (x=x1; x=0  (!pts[y][x]  gdImageGetPixel(im,x,y)==oc); 
x--) {
nc = gdImageTileGet(im,x,y);
-   pts[y + x*wx2]=1;
+   pts[y][x] = 1;
gdImageSetPixel(im,x, y, nc);
}
if (x=x1) {
@@ -2093,9 +2097,9 @@
}
x = x1+1;
do {
-   for (; xwx2  (!pts[y + x*wx2]  
gdImageGetPixel(im,x, y)==oc) ; x++) {
+   for(; xwx2  (!pts[y][x]  gdImageGetPixel(im,x, 
y)==oc); x++) {
nc = gdImageTileGet(im,x,y);
-   pts[y + x*wx2]=1;
+   pts[y][x] = 1;
gdImageSetPixel(im, x, y, nc);
}
FILL_PUSH(y, l, x-1, dy);
@@ -2103,11 +2107,15 @@
if (xx2+1) {
FILL_PUSH(y, x2+1, x-1, -dy);
}
-skip:  for (x++; x=x2  (pts[y + x*wx2] || 
gdImageGetPixel(im,x, y)!=oc); x++);
+skip:  for(x++; x=x2  (pts[y][x] || gdImageGetPixel(im,x, y)!=oc); 
x++);
l = x;
} while (x=x2);
}
 
+   for(i = 0; i  im-sy + 1; i++) {
+   efree(pts[i]);
+   }
+
efree(pts);
efree(stack);
 }
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.gif?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/gd/tests/bug43121.gif
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/gd/tests/bug43121.phpt
diff -u /dev/null php-src/ext/gd/tests/bug43121.phpt:1.2
--- /dev/null   Sun Nov  4 23:57:07 2007
+++ php-src/ext/gd/tests/bug43121.phpt  Sun Nov  4 23:57:07 2007
@@ -0,0 +1,21 @@
+--TEST--
+Bug #43121 (gdImageFill with IMG_COLOR_TILED crashes httpd)
+--SKIPIF--
+?php
+   if (!extension_loaded('gd')) die(skip gd extension not available\n);
+?
+--FILE--
+?php
+$im = ImageCreate( 200, 100 );
+$black = ImageColorAllocate( $im, 0, 0, 0 );
+
+$im_tile = ImageCreateFromGif( transback.gif );
+ImageSetTile( $im, $im_tile );
+ImageFill( $im, 0, 0, IMG_COLOR_TILED );
+
+ImageDestroy( $im );
+
+print OK;
+?
+--EXPECTF--
+OK
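Review bot: The `--SKIPIF--` section only checks that the gd extension is loaded, but the test body depends on GIF read support through `ImageCreateFromGif`. On a GD build without GIF reading the test would fail instead of being skipped; a second guard such as `if (!function_exists('imagecreatefromgif')) die("skip GIF read support not available\n");` would cover that. The tile image is also never released with `ImageDestroy( $im_tile )`, which is harmless at script end but inconsistent with the explicit destroy of `$im`.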




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/tests bug43121.phpt

2007-11-04 Thread Mattias Bengtsson
mattias Mon Nov  5 01:14:19 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/gd/tests   bug43121.phpt 
  Log:
  - Right filename
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.phpt?r1=1.1.2.1r2=1.1.2.2diff_format=u
Index: php-src/ext/gd/tests/bug43121.phpt
diff -u php-src/ext/gd/tests/bug43121.phpt:1.1.2.1 
php-src/ext/gd/tests/bug43121.phpt:1.1.2.2
--- php-src/ext/gd/tests/bug43121.phpt:1.1.2.1  Sun Nov  4 23:56:00 2007
+++ php-src/ext/gd/tests/bug43121.phpt  Mon Nov  5 01:14:18 2007
@@ -9,7 +9,7 @@
 $im = ImageCreate( 200, 100 );
 $black = ImageColorAllocate( $im, 0, 0, 0 );
 
-$im_tile = ImageCreateFromGif( transback.gif );
+$im_tile = ImageCreateFromGif(dirname(__FILE__) . /bug43121.gif );
 ImageSetTile( $im, $im_tile );
 ImageFill( $im, 0, 0, IMG_COLOR_TILED );
 




[PHP-CVS] cvs: php-src(PHP_5_3) /ext/gd/tests bug43121.phpt

2007-11-04 Thread Mattias Bengtsson
mattias Mon Nov  5 01:14:31 2007 UTC

  Modified files:  (Branch: PHP_5_3)
/php-src/ext/gd/tests   bug43121.phpt 
  Log:
  -MFB, Right filename
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.phpt?r1=1.1.4.2r2=1.1.4.3diff_format=u
Index: php-src/ext/gd/tests/bug43121.phpt
diff -u php-src/ext/gd/tests/bug43121.phpt:1.1.4.2 
php-src/ext/gd/tests/bug43121.phpt:1.1.4.3
--- php-src/ext/gd/tests/bug43121.phpt:1.1.4.2  Sun Nov  4 23:56:41 2007
+++ php-src/ext/gd/tests/bug43121.phpt  Mon Nov  5 01:14:31 2007
@@ -9,7 +9,7 @@
 $im = ImageCreate( 200, 100 );
 $black = ImageColorAllocate( $im, 0, 0, 0 );
 
-$im_tile = ImageCreateFromGif( transback.gif );
+$im_tile = ImageCreateFromGif(dirname(__FILE__) . /bug43121.gif );
 ImageSetTile( $im, $im_tile );
 ImageFill( $im, 0, 0, IMG_COLOR_TILED );
 




[PHP-CVS] cvs: php-src /ext/gd/tests bug43121.phpt

2007-11-04 Thread Mattias Bengtsson
mattias Mon Nov  5 01:14:44 2007 UTC

  Modified files:  
/php-src/ext/gd/tests   bug43121.phpt 
  Log:
  -MFB, Right filename
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.phpt?r1=1.2r2=1.3diff_format=u
Index: php-src/ext/gd/tests/bug43121.phpt
diff -u php-src/ext/gd/tests/bug43121.phpt:1.2 
php-src/ext/gd/tests/bug43121.phpt:1.3
--- php-src/ext/gd/tests/bug43121.phpt:1.2  Sun Nov  4 23:57:07 2007
+++ php-src/ext/gd/tests/bug43121.phpt  Mon Nov  5 01:14:44 2007
@@ -9,7 +9,7 @@
 $im = ImageCreate( 200, 100 );
 $black = ImageColorAllocate( $im, 0, 0, 0 );
 
-$im_tile = ImageCreateFromGif( transback.gif );
+$im_tile = ImageCreateFromGif(dirname(__FILE__) . /bug43121.gif );
 ImageSetTile( $im, $im_tile );
 ImageFill( $im, 0, 0, IMG_COLOR_TILED );
 




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd_security.c

2007-10-22 Thread Mattias Bengtsson
mattias Tue Oct 23 01:58:09 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/gd/libgd   gd_security.c 
  Log:
  - Be paranoid and dont allow multiplication with zero
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_security.c?r1=1.1.2.2r2=1.1.2.3diff_format=u
Index: php-src/ext/gd/libgd/gd_security.c
diff -u php-src/ext/gd/libgd/gd_security.c:1.1.2.2 
php-src/ext/gd/libgd/gd_security.c:1.1.2.3
--- php-src/ext/gd/libgd/gd_security.c:1.1.2.2  Sat Mar 10 12:18:36 2007
+++ php-src/ext/gd/libgd/gd_security.c  Tue Oct 23 01:58:08 2007
@@ -19,12 +19,10 @@
 
 int overflow2(int a, int b)
 {
-   if(a  0 || b  0) {
-   php_gd_error(gd warning: one parameter to a memory allocation 
multiplication is negative, failing operation gracefully\n);
+   if(a = 0 || b = 0) {
+   php_gd_error(gd warning: one parameter to a memory allocation 
multiplication is negative or zero, failing operation gracefully\n);
return 1;
}
-   if(b == 0)
-   return 0;
if(a  INT_MAX / b) {
php_gd_error(gd warning: product of memory allocation 
multiplication would exceed INT_MAX, failing operation gracefully\n);
return 1;
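Review bot: `overflow2` now reports failure for a zero operand as well as for an overflowing product, and nothing in the function documents that contract. Callers presumably treat a non-zero return as "abort the allocation", so a zero width, height or element count is now rejected with a warning where the removed `if(b == 0) return 0;` path let it through. A header comment along the lines of `/* Returns 1 (and warns) if a or b is <= 0 or a * b would exceed INT_MAX, 0 otherwise */` would make that explicit. Call sites that can legitimately pass zero are not visible here and would be worth checking. The function body continues past the end of this hunk, and the identical change is merged to PHP_5_3 and HEAD below.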




[PHP-CVS] cvs: php-src(PHP_5_3) /ext/gd/libgd gd_security.c

2007-10-22 Thread Mattias Bengtsson
mattias Tue Oct 23 01:58:30 2007 UTC

  Modified files:  (Branch: PHP_5_3)
/php-src/ext/gd/libgd   gd_security.c 
  Log:
  -MFB, Be paranoid and dont allow multiplication with zero
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_security.c?r1=1.1.2.2r2=1.1.2.2.2.1diff_format=u
Index: php-src/ext/gd/libgd/gd_security.c
diff -u php-src/ext/gd/libgd/gd_security.c:1.1.2.2 
php-src/ext/gd/libgd/gd_security.c:1.1.2.2.2.1
--- php-src/ext/gd/libgd/gd_security.c:1.1.2.2  Sat Mar 10 12:18:36 2007
+++ php-src/ext/gd/libgd/gd_security.c  Tue Oct 23 01:58:30 2007
@@ -19,12 +19,10 @@
 
 int overflow2(int a, int b)
 {
-   if(a  0 || b  0) {
-   php_gd_error(gd warning: one parameter to a memory allocation 
multiplication is negative, failing operation gracefully\n);
+   if(a = 0 || b = 0) {
+   php_gd_error(gd warning: one parameter to a memory allocation 
multiplication is negative or zero, failing operation gracefully\n);
return 1;
}
-   if(b == 0)
-   return 0;
if(a  INT_MAX / b) {
php_gd_error(gd warning: product of memory allocation 
multiplication would exceed INT_MAX, failing operation gracefully\n);
return 1;




[PHP-CVS] cvs: php-src /ext/gd/libgd gd_security.c

2007-10-22 Thread Mattias Bengtsson
mattias Tue Oct 23 01:58:41 2007 UTC

  Modified files:  
/php-src/ext/gd/libgd   gd_security.c 
  Log:
  -MFB, Be paranoid and dont allow multiplication with zero
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_security.c?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/gd/libgd/gd_security.c
diff -u php-src/ext/gd/libgd/gd_security.c:1.1 
php-src/ext/gd/libgd/gd_security.c:1.2
--- php-src/ext/gd/libgd/gd_security.c:1.1  Sat Mar 10 12:16:19 2007
+++ php-src/ext/gd/libgd/gd_security.c  Tue Oct 23 01:58:41 2007
@@ -19,12 +19,10 @@
 
 int overflow2(int a, int b)
 {
-   if(a  0 || b  0) {
-   php_gd_error(gd warning: one parameter to a memory allocation 
multiplication is negative, failing operation gracefully\n);
+   if(a = 0 || b = 0) {
+   php_gd_error(gd warning: one parameter to a memory allocation 
multiplication is negative or zero, failing operation gracefully\n);
return 1;
}
-   if(b == 0)
-   return 0;
if(a  INT_MAX / b) {
php_gd_error(gd warning: product of memory allocation 
multiplication would exceed INT_MAX, failing operation gracefully\n);
return 1;




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd xbm.c /ext/gd/tests libgd00094.phpt libgd00094.xbm

2007-08-09 Thread Mattias Bengtsson
mattias Thu Aug  9 12:08:29 2007 UTC

  Added files: (Branch: PHP_5_2)
/php-src/ext/gd/tests   libgd00094.phpt libgd00094.xbm 

  Modified files:  
/php-src/ext/gd/libgd   xbm.c 
  Log:
  - libgd #94, imagecreatefromxbm can crash if gdImageCreate fails
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/xbm.c?r1=1.7.2.2.2.1r2=1.7.2.2.2.2diff_format=u
Index: php-src/ext/gd/libgd/xbm.c
diff -u php-src/ext/gd/libgd/xbm.c:1.7.2.2.2.1 
php-src/ext/gd/libgd/xbm.c:1.7.2.2.2.2
--- php-src/ext/gd/libgd/xbm.c:1.7.2.2.2.1  Mon Jan  1 09:36:01 2007
+++ php-src/ext/gd/libgd/xbm.c  Thu Aug  9 12:08:29 2007
@@ -16,7 +16,7 @@
+--+
  */
 
-/* $Id: xbm.c,v 1.7.2.2.2.1 2007/01/01 09:36:01 sebastian Exp $ */
+/* $Id: xbm.c,v 1.7.2.2.2.2 2007/08/09 12:08:29 mattias Exp $ */
 
 #include stdio.h
 #include math.h
@@ -96,7 +96,9 @@
return 0;
}
 
-   im = gdImageCreate(width, height);
+   if(!(im = gdImageCreate(width, height))) {
+   return 0;
+   }
gdImageColorAllocate(im, 255, 255, 255);
gdImageColorAllocate(im, 0, 0, 0);
h[2] = '\0';
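Review bot: The new NULL check folds the assignment into the condition (`if(!(im = gdImageCreate(width, height)))`), which is easy to misread and differs from the plain `if(!im)` form used for the same kind of fix in gd_gd.c. Writing it as `im = gdImageCreate(width, height);` followed by `if (!im) { return 0; }` says the same thing without the nested parentheses. `width` and `height` appear to be parsed from the XBM file earlier in the function, outside this hunk, so this check is what stops a rejected size from reaching the `gdImageColorAllocate` calls below. The same hunk appears in the HEAD merge further down.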

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00094.phpt?view=markuprev=1.1
Index: php-src/ext/gd/tests/libgd00094.phpt
+++ php-src/ext/gd/tests/libgd00094.phpt

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00094.xbm?view=markuprev=1.1
Index: php-src/ext/gd/tests/libgd00094.xbm
+++ php-src/ext/gd/tests/libgd00094.xbm




[PHP-CVS] cvs: php-src /ext/gd/libgd xbm.c /ext/gd/tests libgd00094.phpt libgd00094.xbm

2007-08-09 Thread Mattias Bengtsson
mattias Thu Aug  9 12:09:30 2007 UTC

  Modified files:  
/php-src/ext/gd/libgd   xbm.c 
/php-src/ext/gd/tests   libgd00094.phpt libgd00094.xbm 
  Log:
  -MFB: libgd #94, imagecreatefromxbm can crash if gdImageCreate fails
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/xbm.c?r1=1.10r2=1.11diff_format=u
Index: php-src/ext/gd/libgd/xbm.c
diff -u php-src/ext/gd/libgd/xbm.c:1.10 php-src/ext/gd/libgd/xbm.c:1.11
--- php-src/ext/gd/libgd/xbm.c:1.10 Mon Jan  1 09:29:24 2007
+++ php-src/ext/gd/libgd/xbm.c  Thu Aug  9 12:09:30 2007
@@ -16,7 +16,7 @@
+--+
  */
 
-/* $Id: xbm.c,v 1.10 2007/01/01 09:29:24 sebastian Exp $ */
+/* $Id: xbm.c,v 1.11 2007/08/09 12:09:30 mattias Exp $ */
 
 #include stdio.h
 #include math.h
@@ -96,7 +96,9 @@
return 0;
}
 
-   im = gdImageCreate(width, height);
+   if(!(im = gdImageCreate(width, height))) {
+   return 0;
+   }
gdImageColorAllocate(im, 255, 255, 255);
gdImageColorAllocate(im, 0, 0, 0);
h[2] = '\0';
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00094.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/gd/tests/libgd00094.phpt
diff -u /dev/null php-src/ext/gd/tests/libgd00094.phpt:1.2
--- /dev/null   Thu Aug  9 12:09:30 2007
+++ php-src/ext/gd/tests/libgd00094.phptThu Aug  9 12:09:30 2007
@@ -0,0 +1,19 @@
+--TEST--
+libgd #94 (imagecreatefromxbm can crash if gdImageCreate fails)
+--SKIPIF--
+?php
+   if (!extension_loaded('gd')) die(skip gd extension not available\n);
+   if (!GD_BUNDLED) die(skip requires bundled GD library\n);
+?
+--FILE--
+?php
+$im = imagecreatefromxbm(dirname(__FILE__) . '/libgd00094.xbm');
+var_dump($im);
+?
+--EXPECTF--
+Warning: imagecreatefromxbm(): gd warning: product of memory allocation 
multiplication would exceed INT_MAX, failing operation gracefully
+ in %slibgd00094.php on line %d
+
+Warning: imagecreatefromxbm(): '%slibgd00094.xbm' is not a valid XBM file in 
%slibgd00094.php on line %d
+bool(false)
+
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00094.xbm?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/gd/tests/libgd00094.xbm
diff -u /dev/null php-src/ext/gd/tests/libgd00094.xbm:1.2
--- /dev/null   Thu Aug  9 12:09:30 2007
+++ php-src/ext/gd/tests/libgd00094.xbm Thu Aug  9 12:09:30 2007
@@ -0,0 +1,3 @@
+#define width 255
+#define height 1073741824
+static unsigned char bla = {




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd_gd.c /ext/gd/tests libgd00101.gd libgd00101.phpt

2007-08-09 Thread Mattias Bengtsson
mattias Thu Aug  9 14:21:38 2007 UTC

  Added files: (Branch: PHP_5_2)
/php-src/ext/gd/tests   libgd00101.phpt libgd00101.gd 

  Modified files:  
/php-src/ext/gd/libgd   gd_gd.c 
  Log:
  - libgd #101, imagecreatefromgd can crash if gdImageCreate fails
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gd.c?r1=1.8r2=1.8.6.1diff_format=u
Index: php-src/ext/gd/libgd/gd_gd.c
diff -u php-src/ext/gd/libgd/gd_gd.c:1.8 php-src/ext/gd/libgd/gd_gd.c:1.8.6.1
--- php-src/ext/gd/libgd/gd_gd.c:1.8Mon Mar 29 18:20:33 2004
+++ php-src/ext/gd/libgd/gd_gd.cThu Aug  9 14:21:38 2007
@@ -122,6 +122,9 @@
} else {
im = gdImageCreate(*sx, *sy);
}
+   if(!im) {
+   goto fail1;
+   }
if (!_gdGetColors(in, im, gd2xFlag)) {
goto fail2;
}
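Review bot: The added `if(!im) goto fail1;` relies on `fail1` being the exit that never touches `im`, while `fail2`, used on the next line once an image exists, presumably releases it. Both labels are outside this hunk, so that should be confirmed. If so, a one-line comment such as `/* no image allocated yet, nothing for fail2 to release */` would keep a later edit from retargeting the jump to the wrong label. The size arguments `*sx` and `*sy` seem to be read from the input header before this point, also outside the hunk, which is why a NULL return is reachable from file content. The same hunk is merged to HEAD below.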

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00101.phpt?view=markuprev=1.1
Index: php-src/ext/gd/tests/libgd00101.phpt
+++ php-src/ext/gd/tests/libgd00101.phpt

http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00101.gd?view=markuprev=1.1
Index: php-src/ext/gd/tests/libgd00101.gd
+++ php-src/ext/gd/tests/libgd00101.gd




[PHP-CVS] cvs: php-src /ext/gd/libgd gd_gd.c /ext/gd/tests libgd00101.gd libgd00101.phpt

2007-08-09 Thread Mattias Bengtsson
mattias Thu Aug  9 14:22:38 2007 UTC

  Modified files:  
/php-src/ext/gd/libgd   gd_gd.c 
/php-src/ext/gd/tests   libgd00101.phpt libgd00101.gd 
  Log:
  -MFB: libgd #101, imagecreatefromgd can crash if gdImageCreate fails
  
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gd.c?r1=1.8r2=1.9diff_format=u
Index: php-src/ext/gd/libgd/gd_gd.c
diff -u php-src/ext/gd/libgd/gd_gd.c:1.8 php-src/ext/gd/libgd/gd_gd.c:1.9
--- php-src/ext/gd/libgd/gd_gd.c:1.8Mon Mar 29 18:20:33 2004
+++ php-src/ext/gd/libgd/gd_gd.cThu Aug  9 14:22:38 2007
@@ -122,6 +122,9 @@
} else {
im = gdImageCreate(*sx, *sy);
}
+   if(!im) {
+   goto fail1;
+   }
if (!_gdGetColors(in, im, gd2xFlag)) {
goto fail2;
}
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00101.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/gd/tests/libgd00101.phpt
diff -u /dev/null php-src/ext/gd/tests/libgd00101.phpt:1.2
--- /dev/null   Thu Aug  9 14:22:38 2007
+++ php-src/ext/gd/tests/libgd00101.phptThu Aug  9 14:22:38 2007
@@ -0,0 +1,18 @@
+--TEST--
+libgd #101 (imagecreatefromgd can crash if gdImageCreate fails)
+--SKIPIF--
+?php
+   if (!extension_loaded('gd')) die(skip gd extension not available\n);
+   if (!GD_BUNDLED) die(skip requires bundled GD library\n);
+?
+--FILE--
+?php
+$im = imagecreatefromgd(dirname(__FILE__) . '/libgd00101.gd');
+var_dump($im);
+?
+--EXPECTF--
+Warning: imagecreatefromgd(): gd warning: product of memory allocation 
multiplication would exceed INT_MAX, failing operation gracefully
+ in %slibgd00101.php on line %d
+
+Warning: imagecreatefromgd(): '%slibgd00101.gd' is not a valid GD file in 
%slibgd00101.php on line %d
+bool(false)
http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00101.gd?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/gd/tests/libgd00101.gd
diff -u /dev/null php-src/ext/gd/tests/libgd00101.gd:1.2
--- /dev/null   Thu Aug  9 14:22:38 2007
+++ php-src/ext/gd/tests/libgd00101.gd  Thu Aug  9 14:22:38 2007
@@ -0,0 +1 @@
+ÿýÿý
\ No newline at end of file




Re: [PHP-CVS] cvs: php-src /ext/openssl openssl.c

2007-08-08 Thread Mattias Bengtsson
Hi!

Please see attached patch.

Cheers, Mattias.

On Wed, Aug 08, 2007 at 02:18:42AM +0400, Antony Dovgal wrote:
 Two OpenSSL tests started to fail yesterday:
 
 # cat ext/openssl/tests/004.diff
 009+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) 
 in /local/qa/5_2/ext/openssl/tests/004.php on line 7
 009- Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min - 
 4 (failed) in %s on line %d
 011+
 012+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) 
 in /local/qa/5_2/ext/openssl/tests/004.php on line 12
 013+ bool(false)
 011- resource(%d) of type (OpenSSL X.509 CSR)
 
 
 
 # cat ext/openssl/tests/bug36732.diff
 001+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) 
 in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 16
 002+
 001- Ok
 002- Ok
 003+ Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in 
 /local/qa/5_2/ext/openssl/tests/bug36732.php on line 17
 004+
 005+ Warning: openssl_csr_export() expects parameter 1 to be resource, 
 boolean given in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 20
 006+
 007+ Warning: openssl_x509_export(): cannot get cert from parameter 1 in 
 /local/qa/5_2/ext/openssl/tests/bug36732.php on line 25
 
 
 On 06.08.2007 23:50, Pierre-Alain Joye wrote:
 pajoye   Mon Aug  6 19:50:16 2007 UTC
 
   Modified files:  
 /php-src/ext/openssl openssl.c 
   Log:
   - MFB: #4, forgot this one (thanks mattias)
   
 http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.147r2=1.148diff_format=u
 Index: php-src/ext/openssl/openssl.c
 diff -u php-src/ext/openssl/openssl.c:1.147 
 php-src/ext/openssl/openssl.c:1.148
 --- php-src/ext/openssl/openssl.c:1.147  Mon Aug  6 19:13:05 2007
 +++ php-src/ext/openssl/openssl.cMon Aug  6 19:50:16 2007
 @@ -20,7 +20,7 @@
 +--+
   */
  
 -/* $Id: openssl.c,v 1.147 2007/08/06 19:13:05 pajoye Exp $ */
 +/* $Id: openssl.c,v 1.148 2007/08/06 19:50:16 pajoye Exp $ */
  
  #ifdef HAVE_CONFIG_H
  #include config.h
 @@ -1818,9 +1818,10 @@
  len = 200;
  }
  memcpy(buffer, type, len);
 -buffer[len] = '\0';
 +buffer[len - 1] = '\0';
 +
  type = buffer;
 -
 +
  /* Skip past any leading X. X: X, etc to allow for 
  multiple
   * instances */
  for (str = type; *str; str++) {
 
 
 
 -- 
 Wbr, 
 Antony Dovgal
 
 -- 
 PHP CVS Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
Index: ext/openssl/openssl.c
===
RCS file: /repository/php-src/ext/openssl/openssl.c,v
retrieving revision 1.98.2.5.2.40
diff -u -a -r1.98.2.5.2.40 openssl.c
--- ext/openssl/openssl.c   6 Aug 2007 19:49:45 -   1.98.2.5.2.40
+++ ext/openssl/openssl.c   8 Aug 2007 06:19:40 -
@@ -1726,7 +1726,7 @@
/* Finally apply defaults from config file */
for(i = 0; i  sk_CONF_VALUE_num(dn_sk); i++) {
int len;
-   char buffer[200];
+   char buffer[200 + 1];

v = sk_CONF_VALUE_value(dn_sk, i);
type = v-name;
@@ -1743,7 +1743,7 @@
len = 200;
}
memcpy(buffer, type, len);
-   buffer[len - 1] = '\0';
+   buffer[len] = '\0';
type = buffer;

/* Skip past any leading X. X: X, etc to allow for 
multiple
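Review bot: The buffer size now lives in three unrelated literals: `char buffer[200 + 1]` in the first hunk, the clamp `len = 200;`, and the terminator index. The off-by-one being corrected here came from exactly that kind of mismatch. Deriving the clamp from the array, e.g. `len = sizeof(buffer) - 1;`, keeps `memcpy(buffer, type, len)` and `buffer[len] = '\0'` in bounds whatever size the declaration is later given. The `if` that guards the clamp is outside this hunk, so its comparison would need the same treatment.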
