| #
772b1cb2 |
| 10-Jan-2019 |
Christoph M. Becker |
Fix #77272: imagescale() may return image resource on failure
`_gdScaleHoriz()` and `_gdScaleVert()` may fail, but don't signal
failure since they are void functions. We change that acc
Fix #77272: imagescale() may return image resource on failure
`_gdScaleHoriz()` and `_gdScaleVert()` may fail, but don't signal
failure since they are void functions. We change that according to
upstream libgd.
We also remove the unused `Scale()` function, which doesn't exist in
upstream libgd either, right away.
show more ...
|
|
Revision tags: php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14 |
|
| #
e40027ef |
| 06-Jan-2019 |
Stanislav Malyshev |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #77369 - memcpy with negative length via crafted DNS response
Fix more issues with encodilng length
Fix #77270: imagecolo
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #77369 - memcpy with negative length via crafted DNS response
Fix more issues with encodilng length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
show more ...
|
|
Revision tags: php-7.2.14RC1, php-7.3.1RC1 |
|
| #
dfd8237a |
| 12-Dec-2018 |
Christoph M. Becker |
Fix #77269: Potential unsigned underflow in gdImageScale
Belatedly, we're porting the respective upstream patch[1].
[1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dc
Fix #77269: Potential unsigned underflow in gdImageScale
Belatedly, we're porting the respective upstream patch[1].
[1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35>
show more ...
|
|
Revision tags: php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3, php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1, php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28, php-7.2.3RC1, php-7.1.15RC1 |
|
| #
a5f1a585 |
| 10-Feb-2018 |
Gabriel Caruso |
Removed unused variables |
|
Revision tags: php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27 |
|
| #
64002648 |
| 31-Dec-2017 |
Gabriel Caruso |
Trailing whitespaces
Signed-off-by: Gabriel Caruso <carusogabriel34@gmail.com> |
|
Revision tags: php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1 |
|
| #
32e3d7b9 |
| 29-Nov-2017 |
Lior Kaplan |
Define floorf if system doesn't have it (follow up for 22c48761)
floorf is checked in config.m4 |
|
Revision tags: php-7.2.0, php-7.1.12, l, php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25 |
|
| #
22c48761 |
| 24-Oct-2017 |
Christoph M. Becker |
Fixed bug #65148 (imagerotate may alter image dimensions)
We apply the respective patches from external libgd, work around the
still missing `gdImageClone()`, and fix the special cased r
Fixed bug #65148 (imagerotate may alter image dimensions)
We apply the respective patches from external libgd, work around the
still missing `gdImageClone()`, and fix the special cased rotation
routines according to Pierre's patch
(https://gist.github.com/pierrejoye/59d72385ed1888cf8894a7ed437235ae).
We also cater to bug73272.phpt whose result obviously changes a bit.
show more ...
|
|
Revision tags: php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1 |
|
| #
e20a6b02 |
| 01-Sep-2017 |
Christoph M. Becker |
Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?)
We back-port https://github.com/libgd/libgd/commit/dd48286 even though
we cannot come up with a regression test, because
Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?)
We back-port https://github.com/libgd/libgd/commit/dd48286 even though
we cannot come up with a regression test, because the erroneous
condition appears to be impossible to trigger.
We also parenthesize the inner ternary operation to avoid confusion.
show more ...
|
|
Revision tags: php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1, php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1, php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3, php-7.1.7RC1, php-7.0.21RC1, php-7.2.0alpha2, php-7.1.6, php-7.2.0alpha1, php-7.0.20, php-7.1.6RC1, php-7.0.20RC1, php-7.1.5, php-7.0.19, php-7.0.19RC1, php-7.1.5RC1, php-7.1.4, php-7.0.18, php-7.1.4RC1, php-7.0.18RC1, php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1, php-7.1.1, php-5.6.29, php-7.0.14, php-7.1.0, php-5.6.29RC1, php-7.0.14RC1, php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27, php-7.0.12 |
|
| #
fc989fc6 |
| 10-Oct-2016 |
Christoph M. Becker |
Fix #73279: Integer overflow in gdImageScaleBilinearPalette()
The color components are supposed to be in range 0..255, so we must not
cast them to `signed char`, what can be the default
Fix #73279: Integer overflow in gdImageScaleBilinearPalette()
The color components are supposed to be in range 0..255, so we must not
cast them to `signed char`, what can be the default for `char`.
Port of <https://github.com/libgd/libgd/commit/77c8d359>.
show more ...
|
|
Revision tags: php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11, php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1, php-7.1.0beta3, php-5.6.25, php-7.0.10, php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1 |
|
| #
88838dd2 |
| 23-Jul-2016 |
Christoph M. Becker |
Fix #68712: suspicious if-else statements |
| #
9fbd0c1f |
| 23-Jul-2016 |
Christoph M. Becker |
Fix copy&paste errors in gd_interpolation.c
According to <https://github.com/libgd/libgd/commit/f101380>. |
|
Revision tags: php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38 |
|
| #
48e76aba |
| 19-Jul-2016 |
Pierre Joye |
improve fix #72558, free contribRow as well |
| #
df095150 |
| 19-Jul-2016 |
Pierre Joye |
improve fix #72558, while (u>=0) with unsigned int will always be true |
| #
f69362d2 |
| 19-Jul-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
Fix memory leak
|
| #
47d6ea63 |
| 19-Jul-2016 |
Stanislav Malyshev |
Fix memory leak |
| #
4d0565b5 |
| 19-Jul-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
fix #72519, possible OOB using imagegif
fix #72512, invalid read or write for palette image when invalid transparent index is used
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
fix #72519, possible OOB using imagegif
fix #72512, invalid read or write for palette image when invalid transparent index is used
Apparently some envs miss SIZE_MAX
Fix tests
Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
Fix bug #72562 - destroy var_hash properly
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Fix fir bug #72520
Fix for bug #72513
CS fix and comments with bug ID
Fix for HTTP_PROXY issue.
add tests for bug #72512
Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
Fixed bug #72479 - same as #72434
Conflicts:
ext/bz2/bz2.c
main/SAPI.c
main/php_variables.c
show more ...
|
| #
928aecc0 |
| 19-Jul-2016 |
Pierre Joye |
fix #72512, invalid read or write for palette image when invalid transparent index is used
Conflicts:
ext/gd/libgd/gd.c |
| #
511f07b7 |
| 19-Jul-2016 |
Pierre Joye |
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
fix #72512, invalid read or write for palette image when invalid transparent index is used
|
| #
0fbcff1b |
| 19-Jul-2016 |
Pierre Joye |
fix #72512, invalid read or write for palette image when invalid transparent index is used |
| #
d1a491ac |
| 18-Jul-2016 |
Stanislav Malyshev |
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc() |
|
Revision tags: php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37 |
|
| #
7dde353e |
| 21-Jun-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6.23
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
Merge branch 'PHP-5.5' into PHP-5.6.23
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387: Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
show more ...
|
| #
b9ec171e |
| 19-Jun-2016 |
Stanislav Malyshev |
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert |
|
Revision tags: php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1 |
|
| #
f8012595 |
| 07-Jun-2016 |
Pierre Joye |
#72337 invalid dimensions can lead to segv |
|
Revision tags: php-5.6.22, php-5.5.36, php-7.0.7 |
|
| #
544940c4 |
| 24-May-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6.22
* PHP-5.5:
Fix memory leak in imagescale()
Update NEWS
Better fix for bug #72135
Fixed bug #72227: imagescale out-of-bounds rea
Merge branch 'PHP-5.5' into PHP-5.6.22
* PHP-5.5:
Fix memory leak in imagescale()
Update NEWS
Better fix for bug #72135
Fixed bug #72227: imagescale out-of-bounds read
Fix bug #72241: get_icu_value_internal out-of-bounds read
Fix bug #72135 - don't create strings with lengths outside int range
Add check for string overflow to all string add operations
Fix bug #72114 - int/size_t confusion in fread
Updated NEWS
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
Conflicts:
Zend/zend_operators.c
ext/phar/dirstream.c
ext/phar/tests/bug71331.phpt
show more ...
|
| #
9a826a3b |
| 24-May-2016 |
Stanislav Malyshev |
Fix memory leak in imagescale() |
