[PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd.c /ext/gd/tests bug43121.gif bug43121.phpt
mattias Sun Nov 4 23:56:00 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/gd/tests bug43121.gif bug43121.phpt Modified files: /php-src/ext/gd/libgd gd.c Log: - Fixed Bug #43121 (gdImageFill with IMG_COLOR_TILED crashes httpd) http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?r1=1.90.2.1.2.21r2=1.90.2.1.2.22diff_format=u Index: php-src/ext/gd/libgd/gd.c diff -u php-src/ext/gd/libgd/gd.c:1.90.2.1.2.21 php-src/ext/gd/libgd/gd.c:1.90.2.1.2.22 --- php-src/ext/gd/libgd/gd.c:1.90.2.1.2.21 Tue Sep 11 21:03:48 2007 +++ php-src/ext/gd/libgd/gd.c Sun Nov 4 23:56:00 2007 @@ -2050,14 +2050,14 @@ static void _gdImageFillTiled(gdImagePtr im, int x, int y, int nc) { - int l, x1, x2, dy; + int i, l, x1, x2, dy; int oc; /* old pixel value */ int tiled; int wx2,wy2; /* stack of filled segments */ struct seg *stack; struct seg *sp; - char *pts; + char **pts; if (!im-tile) { return; @@ -2067,7 +2067,11 @@ tiled = nc==gdTiled; nc = gdImageTileGet(im,x,y); - pts = (char *) ecalloc(im-sy * im-sx, sizeof(char)); + + pts = (char **) ecalloc(im-sy + 1, sizeof(char *)); + for (i = 0; i im-sy + 1; i++) { + pts[i] = (char *) ecalloc(im-sx + 1, sizeof(char)); + } stack = (struct seg *)safe_emalloc(sizeof(struct seg), ((int)(im-sy*im-sx)/4), 1); sp = stack; @@ -2080,9 +2084,9 @@ FILL_PUSH(y+1, x, x, -1); while (spstack) { FILL_POP(y, x1, x2, dy); - for (x=x1; x=0 (!pts[y + x*wx2] gdImageGetPixel(im,x,y)==oc); x--) { + for (x=x1; x=0 (!pts[y][x] gdImageGetPixel(im,x,y)==oc); x--) { nc = gdImageTileGet(im,x,y); - pts[y + x*wx2]=1; + pts[y][x] = 1; gdImageSetPixel(im,x, y, nc); } if (x=x1) { @@ -2096,9 +2100,9 @@ } x = x1+1; do { - for (; xwx2 (!pts[y + x*wx2] gdImageGetPixel(im,x, y)==oc) ; x++) { + for(; xwx2 (!pts[y][x] gdImageGetPixel(im,x, y)==oc); x++) { nc = gdImageTileGet(im,x,y); - pts[y + x*wx2]=1; + pts[y][x] = 1; gdImageSetPixel(im, x, y, nc); } FILL_PUSH(y, l, x-1, dy); @@ -2106,11 +2110,15 @@ if (xx2+1) { FILL_PUSH(y, x2+1, x-1, -dy); } -skip: for (x++; x=x2 (pts[y + x*wx2] || gdImageGetPixel(im,x, y)!=oc); x++); +skip: for(x++; x=x2 (pts[y][x] || gdImageGetPixel(im,x, y)!=oc); x++); l = x; } while (x=x2); } + for(i = 0; i im-sy + 1; i++) { + efree(pts[i]); + } + efree(pts); efree(stack); } http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.phpt?view=markuprev=1.1 Index: php-src/ext/gd/tests/bug43121.phpt +++ php-src/ext/gd/tests/bug43121.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_3) /ext/gd/libgd gd.c /ext/gd/tests bug43121.gif bug43121.phpt
mattias Sun Nov 4 23:56:41 2007 UTC Added files: (Branch: PHP_5_3) /php-src/ext/gd/tests bug43121.gif bug43121.phpt Modified files: /php-src/ext/gd/libgd gd.c Log: -MFB, Fixed Bug #43121 (gdImageFill with IMG_COLOR_TILED crashes httpd) http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?r1=1.90.2.1.2.21r2=1.90.2.1.2.21.2.1diff_format=u Index: php-src/ext/gd/libgd/gd.c diff -u php-src/ext/gd/libgd/gd.c:1.90.2.1.2.21 php-src/ext/gd/libgd/gd.c:1.90.2.1.2.21.2.1 --- php-src/ext/gd/libgd/gd.c:1.90.2.1.2.21 Tue Sep 11 21:03:48 2007 +++ php-src/ext/gd/libgd/gd.c Sun Nov 4 23:56:41 2007 @@ -2050,14 +2050,14 @@ static void _gdImageFillTiled(gdImagePtr im, int x, int y, int nc) { - int l, x1, x2, dy; + int i, l, x1, x2, dy; int oc; /* old pixel value */ int tiled; int wx2,wy2; /* stack of filled segments */ struct seg *stack; struct seg *sp; - char *pts; + char **pts; if (!im-tile) { return; @@ -2067,7 +2067,11 @@ tiled = nc==gdTiled; nc = gdImageTileGet(im,x,y); - pts = (char *) ecalloc(im-sy * im-sx, sizeof(char)); + + pts = (char **) ecalloc(im-sy + 1, sizeof(char *)); + for (i = 0; i im-sy + 1; i++) { + pts[i] = (char *) ecalloc(im-sx + 1, sizeof(char)); + } stack = (struct seg *)safe_emalloc(sizeof(struct seg), ((int)(im-sy*im-sx)/4), 1); sp = stack; @@ -2080,9 +2084,9 @@ FILL_PUSH(y+1, x, x, -1); while (spstack) { FILL_POP(y, x1, x2, dy); - for (x=x1; x=0 (!pts[y + x*wx2] gdImageGetPixel(im,x,y)==oc); x--) { + for (x=x1; x=0 (!pts[y][x] gdImageGetPixel(im,x,y)==oc); x--) { nc = gdImageTileGet(im,x,y); - pts[y + x*wx2]=1; + pts[y][x] = 1; gdImageSetPixel(im,x, y, nc); } if (x=x1) { @@ -2096,9 +2100,9 @@ } x = x1+1; do { - for (; xwx2 (!pts[y + x*wx2] gdImageGetPixel(im,x, y)==oc) ; x++) { + for(; xwx2 (!pts[y][x] gdImageGetPixel(im,x, y)==oc); x++) { nc = gdImageTileGet(im,x,y); - pts[y + x*wx2]=1; + pts[y][x] = 1; gdImageSetPixel(im, x, y, nc); } FILL_PUSH(y, l, x-1, dy); @@ -2106,11 +2110,15 @@ if (xx2+1) { FILL_PUSH(y, x2+1, x-1, -dy); } -skip: for (x++; x=x2 (pts[y + x*wx2] || gdImageGetPixel(im,x, y)!=oc); x++); +skip: for(x++; x=x2 (pts[y][x] || gdImageGetPixel(im,x, y)!=oc); x++); l = x; } while (x=x2); } + for(i = 0; i im-sy + 1; i++) { + efree(pts[i]); + } + efree(pts); efree(stack); } http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.phpt?view=markuprev=1.1 Index: php-src/ext/gd/tests/bug43121.phpt +++ php-src/ext/gd/tests/bug43121.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/gd/libgd gd.c /ext/gd/tests bug43121.gif bug43121.phpt
mattias Sun Nov 4 23:57:07 2007 UTC Modified files: /php-src/ext/gd/libgd gd.c /php-src/ext/gd/tests bug43121.gif bug43121.phpt Log: -MFB, Fixed Bug #43121 (gdImageFill with IMG_COLOR_TILED crashes httpd) http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd.c?r1=1.113r2=1.114diff_format=u Index: php-src/ext/gd/libgd/gd.c diff -u php-src/ext/gd/libgd/gd.c:1.113 php-src/ext/gd/libgd/gd.c:1.114 --- php-src/ext/gd/libgd/gd.c:1.113 Tue Sep 11 21:07:04 2007 +++ php-src/ext/gd/libgd/gd.c Sun Nov 4 23:57:07 2007 @@ -2047,14 +2047,14 @@ static void _gdImageFillTiled(gdImagePtr im, int x, int y, int nc) { - int l, x1, x2, dy; + int i, l, x1, x2, dy; int oc; /* old pixel value */ int tiled; int wx2,wy2; /* stack of filled segments */ struct seg *stack; struct seg *sp; - char *pts; + char **pts; if (!im-tile) { return; @@ -2064,7 +2064,11 @@ tiled = nc==gdTiled; nc = gdImageTileGet(im,x,y); - pts = (char *) ecalloc(im-sy * im-sx, sizeof(char)); + + pts = (char **) ecalloc(im-sy + 1, sizeof(char *)); + for (i = 0; i im-sy + 1; i++) { + pts[i] = (char *) ecalloc(im-sx + 1, sizeof(char)); + } stack = (struct seg *)safe_emalloc(sizeof(struct seg), ((int)(im-sy*im-sx)/4), 1); sp = stack; @@ -2077,9 +2081,9 @@ FILL_PUSH(y+1, x, x, -1); while (spstack) { FILL_POP(y, x1, x2, dy); - for (x=x1; x=0 (!pts[y + x*wx2] gdImageGetPixel(im,x,y)==oc); x--) { + for (x=x1; x=0 (!pts[y][x] gdImageGetPixel(im,x,y)==oc); x--) { nc = gdImageTileGet(im,x,y); - pts[y + x*wx2]=1; + pts[y][x] = 1; gdImageSetPixel(im,x, y, nc); } if (x=x1) { @@ -2093,9 +2097,9 @@ } x = x1+1; do { - for (; xwx2 (!pts[y + x*wx2] gdImageGetPixel(im,x, y)==oc) ; x++) { + for(; xwx2 (!pts[y][x] gdImageGetPixel(im,x, y)==oc); x++) { nc = gdImageTileGet(im,x,y); - pts[y + x*wx2]=1; + pts[y][x] = 1; gdImageSetPixel(im, x, y, nc); } FILL_PUSH(y, l, x-1, dy); @@ -2103,11 +2107,15 @@ if (xx2+1) { FILL_PUSH(y, x2+1, x-1, -dy); } -skip: for (x++; x=x2 (pts[y + x*wx2] || gdImageGetPixel(im,x, y)!=oc); x++); +skip: for(x++; x=x2 (pts[y][x] || gdImageGetPixel(im,x, y)!=oc); x++); l = x; } while (x=x2); } + for(i = 0; i im-sy + 1; i++) { + efree(pts[i]); + } + efree(pts); efree(stack); } http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.gif?r1=1.1r2=1.2diff_format=u Index: php-src/ext/gd/tests/bug43121.gif http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/gd/tests/bug43121.phpt diff -u /dev/null php-src/ext/gd/tests/bug43121.phpt:1.2 --- /dev/null Sun Nov 4 23:57:07 2007 +++ php-src/ext/gd/tests/bug43121.phpt Sun Nov 4 23:57:07 2007 @@ -0,0 +1,21 @@ +--TEST-- +Bug #43121 (gdImageFill with IMG_COLOR_TILED crashes httpd) +--SKIPIF-- +?php + if (!extension_loaded('gd')) die(skip gd extension not available\n); +? +--FILE-- +?php +$im = ImageCreate( 200, 100 ); +$black = ImageColorAllocate( $im, 0, 0, 0 ); + +$im_tile = ImageCreateFromGif( transback.gif ); +ImageSetTile( $im, $im_tile ); +ImageFill( $im, 0, 0, IMG_COLOR_TILED ); + +ImageDestroy( $im ); + +print OK; +? +--EXPECTF-- +OK -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/tests bug43121.phpt
mattias Mon Nov 5 01:14:19 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/gd/tests bug43121.phpt Log: - Right filename http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.phpt?r1=1.1.2.1r2=1.1.2.2diff_format=u Index: php-src/ext/gd/tests/bug43121.phpt diff -u php-src/ext/gd/tests/bug43121.phpt:1.1.2.1 php-src/ext/gd/tests/bug43121.phpt:1.1.2.2 --- php-src/ext/gd/tests/bug43121.phpt:1.1.2.1 Sun Nov 4 23:56:00 2007 +++ php-src/ext/gd/tests/bug43121.phpt Mon Nov 5 01:14:18 2007 @@ -9,7 +9,7 @@ $im = ImageCreate( 200, 100 ); $black = ImageColorAllocate( $im, 0, 0, 0 ); -$im_tile = ImageCreateFromGif( transback.gif ); +$im_tile = ImageCreateFromGif(dirname(__FILE__) . /bug43121.gif ); ImageSetTile( $im, $im_tile ); ImageFill( $im, 0, 0, IMG_COLOR_TILED ); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_3) /ext/gd/tests bug43121.phpt
mattias Mon Nov 5 01:14:31 2007 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/gd/tests bug43121.phpt Log: -MFB, Right filename http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.phpt?r1=1.1.4.2r2=1.1.4.3diff_format=u Index: php-src/ext/gd/tests/bug43121.phpt diff -u php-src/ext/gd/tests/bug43121.phpt:1.1.4.2 php-src/ext/gd/tests/bug43121.phpt:1.1.4.3 --- php-src/ext/gd/tests/bug43121.phpt:1.1.4.2 Sun Nov 4 23:56:41 2007 +++ php-src/ext/gd/tests/bug43121.phpt Mon Nov 5 01:14:31 2007 @@ -9,7 +9,7 @@ $im = ImageCreate( 200, 100 ); $black = ImageColorAllocate( $im, 0, 0, 0 ); -$im_tile = ImageCreateFromGif( transback.gif ); +$im_tile = ImageCreateFromGif(dirname(__FILE__) . /bug43121.gif ); ImageSetTile( $im, $im_tile ); ImageFill( $im, 0, 0, IMG_COLOR_TILED ); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/gd/tests bug43121.phpt
mattias Mon Nov 5 01:14:44 2007 UTC Modified files: /php-src/ext/gd/tests bug43121.phpt Log: -MFB, Right filename http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/bug43121.phpt?r1=1.2r2=1.3diff_format=u Index: php-src/ext/gd/tests/bug43121.phpt diff -u php-src/ext/gd/tests/bug43121.phpt:1.2 php-src/ext/gd/tests/bug43121.phpt:1.3 --- php-src/ext/gd/tests/bug43121.phpt:1.2 Sun Nov 4 23:57:07 2007 +++ php-src/ext/gd/tests/bug43121.phpt Mon Nov 5 01:14:44 2007 @@ -9,7 +9,7 @@ $im = ImageCreate( 200, 100 ); $black = ImageColorAllocate( $im, 0, 0, 0 ); -$im_tile = ImageCreateFromGif( transback.gif ); +$im_tile = ImageCreateFromGif(dirname(__FILE__) . /bug43121.gif ); ImageSetTile( $im, $im_tile ); ImageFill( $im, 0, 0, IMG_COLOR_TILED ); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd_security.c
mattias Tue Oct 23 01:58:09 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/gd/libgd gd_security.c Log: - Be paranoid and dont allow multiplication with zero http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_security.c?r1=1.1.2.2r2=1.1.2.3diff_format=u Index: php-src/ext/gd/libgd/gd_security.c diff -u php-src/ext/gd/libgd/gd_security.c:1.1.2.2 php-src/ext/gd/libgd/gd_security.c:1.1.2.3 --- php-src/ext/gd/libgd/gd_security.c:1.1.2.2 Sat Mar 10 12:18:36 2007 +++ php-src/ext/gd/libgd/gd_security.c Tue Oct 23 01:58:08 2007 @@ -19,12 +19,10 @@ int overflow2(int a, int b) { - if(a 0 || b 0) { - php_gd_error(gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n); + if(a = 0 || b = 0) { + php_gd_error(gd warning: one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully\n); return 1; } - if(b == 0) - return 0; if(a INT_MAX / b) { php_gd_error(gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n); return 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_3) /ext/gd/libgd gd_security.c
mattias Tue Oct 23 01:58:30 2007 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/gd/libgd gd_security.c Log: -MFB, Be paranoid and dont allow multiplication with zero http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_security.c?r1=1.1.2.2r2=1.1.2.2.2.1diff_format=u Index: php-src/ext/gd/libgd/gd_security.c diff -u php-src/ext/gd/libgd/gd_security.c:1.1.2.2 php-src/ext/gd/libgd/gd_security.c:1.1.2.2.2.1 --- php-src/ext/gd/libgd/gd_security.c:1.1.2.2 Sat Mar 10 12:18:36 2007 +++ php-src/ext/gd/libgd/gd_security.c Tue Oct 23 01:58:30 2007 @@ -19,12 +19,10 @@ int overflow2(int a, int b) { - if(a 0 || b 0) { - php_gd_error(gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n); + if(a = 0 || b = 0) { + php_gd_error(gd warning: one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully\n); return 1; } - if(b == 0) - return 0; if(a INT_MAX / b) { php_gd_error(gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n); return 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/gd/libgd gd_security.c
mattias Tue Oct 23 01:58:41 2007 UTC Modified files: /php-src/ext/gd/libgd gd_security.c Log: -MFB, Be paranoid and dont allow multiplication with zero http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_security.c?r1=1.1r2=1.2diff_format=u Index: php-src/ext/gd/libgd/gd_security.c diff -u php-src/ext/gd/libgd/gd_security.c:1.1 php-src/ext/gd/libgd/gd_security.c:1.2 --- php-src/ext/gd/libgd/gd_security.c:1.1 Sat Mar 10 12:16:19 2007 +++ php-src/ext/gd/libgd/gd_security.c Tue Oct 23 01:58:41 2007 @@ -19,12 +19,10 @@ int overflow2(int a, int b) { - if(a 0 || b 0) { - php_gd_error(gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n); + if(a = 0 || b = 0) { + php_gd_error(gd warning: one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully\n); return 1; } - if(b == 0) - return 0; if(a INT_MAX / b) { php_gd_error(gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n); return 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd xbm.c /ext/gd/tests libgd00094.phpt libgd00094.xbm
mattias Thu Aug 9 12:08:29 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/gd/tests libgd00094.phpt libgd00094.xbm Modified files: /php-src/ext/gd/libgd xbm.c Log: - libgd #94, imagecreatefromxbm can crash if gdImageCreate fails http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/xbm.c?r1=1.7.2.2.2.1r2=1.7.2.2.2.2diff_format=u Index: php-src/ext/gd/libgd/xbm.c diff -u php-src/ext/gd/libgd/xbm.c:1.7.2.2.2.1 php-src/ext/gd/libgd/xbm.c:1.7.2.2.2.2 --- php-src/ext/gd/libgd/xbm.c:1.7.2.2.2.1 Mon Jan 1 09:36:01 2007 +++ php-src/ext/gd/libgd/xbm.c Thu Aug 9 12:08:29 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: xbm.c,v 1.7.2.2.2.1 2007/01/01 09:36:01 sebastian Exp $ */ +/* $Id: xbm.c,v 1.7.2.2.2.2 2007/08/09 12:08:29 mattias Exp $ */ #include stdio.h #include math.h @@ -96,7 +96,9 @@ return 0; } - im = gdImageCreate(width, height); + if(!(im = gdImageCreate(width, height))) { + return 0; + } gdImageColorAllocate(im, 255, 255, 255); gdImageColorAllocate(im, 0, 0, 0); h[2] = '\0'; http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00094.phpt?view=markuprev=1.1 Index: php-src/ext/gd/tests/libgd00094.phpt +++ php-src/ext/gd/tests/libgd00094.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00094.xbm?view=markuprev=1.1 Index: php-src/ext/gd/tests/libgd00094.xbm +++ php-src/ext/gd/tests/libgd00094.xbm -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/gd/libgd xbm.c /ext/gd/tests libgd00094.phpt libgd00094.xbm
mattias Thu Aug 9 12:09:30 2007 UTC Modified files: /php-src/ext/gd/libgd xbm.c /php-src/ext/gd/tests libgd00094.phpt libgd00094.xbm Log: -MFB: libgd #94, imagecreatefromxbm can crash if gdImageCreate fails http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/xbm.c?r1=1.10r2=1.11diff_format=u Index: php-src/ext/gd/libgd/xbm.c diff -u php-src/ext/gd/libgd/xbm.c:1.10 php-src/ext/gd/libgd/xbm.c:1.11 --- php-src/ext/gd/libgd/xbm.c:1.10 Mon Jan 1 09:29:24 2007 +++ php-src/ext/gd/libgd/xbm.c Thu Aug 9 12:09:30 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: xbm.c,v 1.10 2007/01/01 09:29:24 sebastian Exp $ */ +/* $Id: xbm.c,v 1.11 2007/08/09 12:09:30 mattias Exp $ */ #include stdio.h #include math.h @@ -96,7 +96,9 @@ return 0; } - im = gdImageCreate(width, height); + if(!(im = gdImageCreate(width, height))) { + return 0; + } gdImageColorAllocate(im, 255, 255, 255); gdImageColorAllocate(im, 0, 0, 0); h[2] = '\0'; http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00094.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/gd/tests/libgd00094.phpt diff -u /dev/null php-src/ext/gd/tests/libgd00094.phpt:1.2 --- /dev/null Thu Aug 9 12:09:30 2007 +++ php-src/ext/gd/tests/libgd00094.phptThu Aug 9 12:09:30 2007 @@ -0,0 +1,19 @@ +--TEST-- +libgd #94 (imagecreatefromxbm can crash if gdImageCreate fails) +--SKIPIF-- +?php + if (!extension_loaded('gd')) die(skip gd extension not available\n); + if (!GD_BUNDLED) die(skip requires bundled GD library\n); +? +--FILE-- +?php +$im = imagecreatefromxbm(dirname(__FILE__) . '/libgd00094.xbm'); +var_dump($im); +? +--EXPECTF-- +Warning: imagecreatefromxbm(): gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully + in %slibgd00094.php on line %d + +Warning: imagecreatefromxbm(): '%slibgd00094.xbm' is not a valid XBM file in %slibgd00094.php on line %d +bool(false) + http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00094.xbm?r1=1.1r2=1.2diff_format=u Index: php-src/ext/gd/tests/libgd00094.xbm diff -u /dev/null php-src/ext/gd/tests/libgd00094.xbm:1.2 --- /dev/null Thu Aug 9 12:09:30 2007 +++ php-src/ext/gd/tests/libgd00094.xbm Thu Aug 9 12:09:30 2007 @@ -0,0 +1,3 @@ +#define width 255 +#define height 1073741824 +static unsigned char bla = { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd_gd.c /ext/gd/tests libgd00101.gd libgd00101.phpt
mattias Thu Aug 9 14:21:38 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/gd/tests libgd00101.phpt libgd00101.gd Modified files: /php-src/ext/gd/libgd gd_gd.c Log: - libgd #101, imagecreatefromgd can crash if gdImageCreate fails http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gd.c?r1=1.8r2=1.8.6.1diff_format=u Index: php-src/ext/gd/libgd/gd_gd.c diff -u php-src/ext/gd/libgd/gd_gd.c:1.8 php-src/ext/gd/libgd/gd_gd.c:1.8.6.1 --- php-src/ext/gd/libgd/gd_gd.c:1.8Mon Mar 29 18:20:33 2004 +++ php-src/ext/gd/libgd/gd_gd.cThu Aug 9 14:21:38 2007 @@ -122,6 +122,9 @@ } else { im = gdImageCreate(*sx, *sy); } + if(!im) { + goto fail1; + } if (!_gdGetColors(in, im, gd2xFlag)) { goto fail2; } http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00101.phpt?view=markuprev=1.1 Index: php-src/ext/gd/tests/libgd00101.phpt +++ php-src/ext/gd/tests/libgd00101.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00101.gd?view=markuprev=1.1 Index: php-src/ext/gd/tests/libgd00101.gd +++ php-src/ext/gd/tests/libgd00101.gd -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/gd/libgd gd_gd.c /ext/gd/tests libgd00101.gd libgd00101.phpt
mattias Thu Aug 9 14:22:38 2007 UTC Modified files: /php-src/ext/gd/libgd gd_gd.c /php-src/ext/gd/tests libgd00101.phpt libgd00101.gd Log: -MFB: libgd #101, imagecreatefromgd can crash if gdImageCreate fails http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gd.c?r1=1.8r2=1.9diff_format=u Index: php-src/ext/gd/libgd/gd_gd.c diff -u php-src/ext/gd/libgd/gd_gd.c:1.8 php-src/ext/gd/libgd/gd_gd.c:1.9 --- php-src/ext/gd/libgd/gd_gd.c:1.8Mon Mar 29 18:20:33 2004 +++ php-src/ext/gd/libgd/gd_gd.cThu Aug 9 14:22:38 2007 @@ -122,6 +122,9 @@ } else { im = gdImageCreate(*sx, *sy); } + if(!im) { + goto fail1; + } if (!_gdGetColors(in, im, gd2xFlag)) { goto fail2; } http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00101.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/gd/tests/libgd00101.phpt diff -u /dev/null php-src/ext/gd/tests/libgd00101.phpt:1.2 --- /dev/null Thu Aug 9 14:22:38 2007 +++ php-src/ext/gd/tests/libgd00101.phptThu Aug 9 14:22:38 2007 @@ -0,0 +1,18 @@ +--TEST-- +libgd #101 (imagecreatefromgd can crash if gdImageCreate fails) +--SKIPIF-- +?php + if (!extension_loaded('gd')) die(skip gd extension not available\n); + if (!GD_BUNDLED) die(skip requires bundled GD library\n); +? +--FILE-- +?php +$im = imagecreatefromgd(dirname(__FILE__) . '/libgd00101.gd'); +var_dump($im); +? +--EXPECTF-- +Warning: imagecreatefromgd(): gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully + in %slibgd00101.php on line %d + +Warning: imagecreatefromgd(): '%slibgd00101.gd' is not a valid GD file in %slibgd00101.php on line %d +bool(false) http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/libgd00101.gd?r1=1.1r2=1.2diff_format=u Index: php-src/ext/gd/tests/libgd00101.gd diff -u /dev/null php-src/ext/gd/tests/libgd00101.gd:1.2 --- /dev/null Thu Aug 9 14:22:38 2007 +++ php-src/ext/gd/tests/libgd00101.gd Thu Aug 9 14:22:38 2007 @@ -0,0 +1 @@ +ÿýÿý \ No newline at end of file -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /ext/openssl openssl.c
Hi! Please see attached patch. Cheers, Mattias. On Wed, Aug 08, 2007 at 02:18:42AM +0400, Antony Dovgal wrote: Two OpenSSL tests started to fail yesterday: # cat ext/openssl/tests/004.diff 009+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in /local/qa/5_2/ext/openssl/tests/004.php on line 7 009- Warning: openssl_csr_new(): add1_attr_by_txt challengePassword_min - 4 (failed) in %s on line %d 011+ 012+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in /local/qa/5_2/ext/openssl/tests/004.php on line 12 013+ bool(false) 011- resource(%d) of type (OpenSSL X.509 CSR) # cat ext/openssl/tests/bug36732.diff 001+ Warning: openssl_csr_new(): add_entry_by_txt countryNam - AU (failed) in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 16 002+ 001- Ok 002- Ok 003+ Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 17 004+ 005+ Warning: openssl_csr_export() expects parameter 1 to be resource, boolean given in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 20 006+ 007+ Warning: openssl_x509_export(): cannot get cert from parameter 1 in /local/qa/5_2/ext/openssl/tests/bug36732.php on line 25 On 06.08.2007 23:50, Pierre-Alain Joye wrote: pajoye Mon Aug 6 19:50:16 2007 UTC Modified files: /php-src/ext/openssl openssl.c Log: - MFB: #4, forgot this one (thanks mattias) http://cvs.php.net/viewvc.cgi/php-src/ext/openssl/openssl.c?r1=1.147r2=1.148diff_format=u Index: php-src/ext/openssl/openssl.c diff -u php-src/ext/openssl/openssl.c:1.147 php-src/ext/openssl/openssl.c:1.148 --- php-src/ext/openssl/openssl.c:1.147 Mon Aug 6 19:13:05 2007 +++ php-src/ext/openssl/openssl.cMon Aug 6 19:50:16 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: openssl.c,v 1.147 2007/08/06 19:13:05 pajoye Exp $ */ +/* $Id: openssl.c,v 1.148 2007/08/06 19:50:16 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1818,9 +1818,10 @@ len = 200; } memcpy(buffer, type, len); -buffer[len] = '\0'; +buffer[len - 1] = '\0'; + type = buffer; - + /* Skip past any leading X. X: X, etc to allow for multiple * instances */ for (str = type; *str; str++) { -- Wbr, Antony Dovgal -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Index: ext/openssl/openssl.c === RCS file: /repository/php-src/ext/openssl/openssl.c,v retrieving revision 1.98.2.5.2.40 diff -u -a -r1.98.2.5.2.40 openssl.c --- ext/openssl/openssl.c 6 Aug 2007 19:49:45 - 1.98.2.5.2.40 +++ ext/openssl/openssl.c 8 Aug 2007 06:19:40 - @@ -1726,7 +1726,7 @@ /* Finally apply defaults from config file */ for(i = 0; i sk_CONF_VALUE_num(dn_sk); i++) { int len; - char buffer[200]; + char buffer[200 + 1]; v = sk_CONF_VALUE_value(dn_sk, i); type = v-name; @@ -1743,7 +1743,7 @@ len = 200; } memcpy(buffer, type, len); - buffer[len - 1] = '\0'; + buffer[len] = '\0'; type = buffer; /* Skip past any leading X. X: X, etc to allow for multiple -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php