#
772b1cb2 |
| 10-Jan-2019 |
Christoph M. Becker |
Fix #77272: imagescale() may return image resource on failure `_gdScaleHoriz()` and `_gdScaleVert()` may fail, but don't signal failure since they are void functions. We change that acc
Fix #77272: imagescale() may return image resource on failure `_gdScaleHoriz()` and `_gdScaleVert()` may fail, but don't signal failure since they are void functions. We change that according to upstream libgd. We also remove the unused `Scale()` function, which doesn't exist in upstream libgd either, right away.
show more ...
|
Revision tags: php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14 |
|
#
e40027ef |
| 06-Jan-2019 |
Stanislav Malyshev |
Merge branch 'PHP-7.2' into PHP-7.3 * PHP-7.2: Fix #77369 - memcpy with negative length via crafted DNS response Fix more issues with encodilng length Fix #77270: imagecolo
Merge branch 'PHP-7.2' into PHP-7.3 * PHP-7.2: Fix #77369 - memcpy with negative length via crafted DNS response Fix more issues with encodilng length Fix #77270: imagecolormatch Out Of Bounds Write on Heap Fix bug #77380 (Global out of bounds read in xmlrpc base64 code) Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node) Fix bug #77370 - check that we do not read past buffer end when parsing multibytes Fix #77269: Potential unsigned underflow in gdImageScale Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext) Fix bug #77242 (heap out of bounds read in xmlrpc_decode()) Regenerate certs for openssl tests
show more ...
|
Revision tags: php-7.2.14RC1, php-7.3.1RC1 |
|
#
dfd8237a |
| 12-Dec-2018 |
Christoph M. Becker |
Fix #77269: Potential unsigned underflow in gdImageScale Belatedly, we're porting the respective upstream patch[1]. [1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dc
Fix #77269: Potential unsigned underflow in gdImageScale Belatedly, we're porting the respective upstream patch[1]. [1] <https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35>
show more ...
|
Revision tags: php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3, php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1, php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28, php-7.2.3RC1, php-7.1.15RC1 |
|
#
a5f1a585 |
| 10-Feb-2018 |
Gabriel Caruso |
Removed unused variables |
Revision tags: php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27 |
|
#
64002648 |
| 31-Dec-2017 |
Gabriel Caruso |
Trailing whitespaces Signed-off-by: Gabriel Caruso <carusogabriel34@gmail.com> |
Revision tags: php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1 |
|
#
32e3d7b9 |
| 29-Nov-2017 |
Lior Kaplan |
Define floorf if system doesn't have it (follow up for 22c48761) floorf is checked in config.m4 |
Revision tags: php-7.2.0, php-7.1.12, l, php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25 |
|
#
22c48761 |
| 24-Oct-2017 |
Christoph M. Becker |
Fixed bug #65148 (imagerotate may alter image dimensions) We apply the respective patches from external libgd, work around the still missing `gdImageClone()`, and fix the special cased r
Fixed bug #65148 (imagerotate may alter image dimensions) We apply the respective patches from external libgd, work around the still missing `gdImageClone()`, and fix the special cased rotation routines according to Pierre's patch (https://gist.github.com/pierrejoye/59d72385ed1888cf8894a7ed437235ae). We also cater to bug73272.phpt whose result obviously changes a bit.
show more ...
|
Revision tags: php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1 |
|
#
e20a6b02 |
| 01-Sep-2017 |
Christoph M. Becker |
Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?) We back-port https://github.com/libgd/libgd/commit/dd48286 even though we cannot come up with a regression test, because
Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?) We back-port https://github.com/libgd/libgd/commit/dd48286 even though we cannot come up with a regression test, because the erroneous condition appears to be impossible to trigger. We also parenthesize the inner ternary operation to avoid confusion.
show more ...
|
Revision tags: php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1, php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1, php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3, php-7.1.7RC1, php-7.0.21RC1, php-7.2.0alpha2, php-7.1.6, php-7.2.0alpha1, php-7.0.20, php-7.1.6RC1, php-7.0.20RC1, php-7.1.5, php-7.0.19, php-7.0.19RC1, php-7.1.5RC1, php-7.1.4, php-7.0.18, php-7.1.4RC1, php-7.0.18RC1, php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1, php-7.1.1, php-5.6.29, php-7.0.14, php-7.1.0, php-5.6.29RC1, php-7.0.14RC1, php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27, php-7.0.12 |
|
#
fc989fc6 |
| 10-Oct-2016 |
Christoph M. Becker |
Fix #73279: Integer overflow in gdImageScaleBilinearPalette() The color components are supposed to be in range 0..255, so we must not cast them to `signed char`, what can be the default
Fix #73279: Integer overflow in gdImageScaleBilinearPalette() The color components are supposed to be in range 0..255, so we must not cast them to `signed char`, what can be the default for `char`. Port of <https://github.com/libgd/libgd/commit/77c8d359>.
show more ...
|
Revision tags: php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11, php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1, php-7.1.0beta3, php-5.6.25, php-7.0.10, php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1 |
|
#
88838dd2 |
| 23-Jul-2016 |
Christoph M. Becker |
Fix #68712: suspicious if-else statements |
#
9fbd0c1f |
| 23-Jul-2016 |
Christoph M. Becker |
Fix copy&paste errors in gd_interpolation.c According to <https://github.com/libgd/libgd/commit/f101380>. |
Revision tags: php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38 |
|
#
48e76aba |
| 19-Jul-2016 |
Pierre Joye |
improve fix #72558, free contribRow as well |
#
df095150 |
| 19-Jul-2016 |
Pierre Joye |
improve fix #72558, while (u>=0) with unsigned int will always be true |
#
f69362d2 |
| 19-Jul-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6 * PHP-5.5: Fix memory leak
|
#
47d6ea63 |
| 19-Jul-2016 |
Stanislav Malyshev |
Fix memory leak |
#
4d0565b5 |
| 19-Jul-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6 * PHP-5.5: fix #72519, possible OOB using imagegif fix #72512, invalid read or write for palette image when invalid transparent index is used
Merge branch 'PHP-5.5' into PHP-5.6 * PHP-5.5: fix #72519, possible OOB using imagegif fix #72512, invalid read or write for palette image when invalid transparent index is used Apparently some envs miss SIZE_MAX Fix tests Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c Fix for bug #72558, Integer overflow error within _gdContributionsAlloc() Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE Fix bug #72562 - destroy var_hash properly Fix bug #72533 (locale_accept_from_http out-of-bounds access) Fix fir bug #72520 Fix for bug #72513 CS fix and comments with bug ID Fix for HTTP_PROXY issue. add tests for bug #72512 Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access Fixed bug #72479 - same as #72434 Conflicts: ext/bz2/bz2.c main/SAPI.c main/php_variables.c
show more ...
|
#
928aecc0 |
| 19-Jul-2016 |
Pierre Joye |
fix #72512, invalid read or write for palette image when invalid transparent index is used Conflicts: ext/gd/libgd/gd.c |
#
511f07b7 |
| 19-Jul-2016 |
Pierre Joye |
Merge branch 'PHP-5.5' into PHP-5.6 * PHP-5.5: fix #72512, invalid read or write for palette image when invalid transparent index is used
|
#
0fbcff1b |
| 19-Jul-2016 |
Pierre Joye |
fix #72512, invalid read or write for palette image when invalid transparent index is used |
#
d1a491ac |
| 18-Jul-2016 |
Stanislav Malyshev |
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc() |
Revision tags: php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37 |
|
#
7dde353e |
| 21-Jun-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6.23 * PHP-5.5: Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS fix tests
Merge branch 'PHP-5.5' into PHP-5.6.23 * PHP-5.5: Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow update NEWS fix tests fix build Fix bug #72455: Heap Overflow due to integer overflows Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize Fix bug #72407: NULL Pointer Dereference at _gdScaleVert Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free Fix bug #72298 pass2_no_dither out-of-bounds access Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow Fix bug #72262 - do not overflow int Fix bug #72400 and #72403 - prevent signed int overflows for string lengths Fix bug #72275: don't allow smart_str to overflow int Fix bug #72340: Double Free Courruption in wddx_deserialize update NEWS Fix #66387: Stack overflow with imagefilltoborder Skip test which is 64bits only 5.5.37 now Conflicts: configure.in ext/mcrypt/mcrypt.c ext/spl/spl_directory.c main/php_version.h
show more ...
|
#
b9ec171e |
| 19-Jun-2016 |
Stanislav Malyshev |
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert |
Revision tags: php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1 |
|
#
f8012595 |
| 07-Jun-2016 |
Pierre Joye |
#72337 invalid dimensions can lead to segv |
Revision tags: php-5.6.22, php-5.5.36, php-7.0.7 |
|
#
544940c4 |
| 24-May-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6.22 * PHP-5.5: Fix memory leak in imagescale() Update NEWS Better fix for bug #72135 Fixed bug #72227: imagescale out-of-bounds rea
Merge branch 'PHP-5.5' into PHP-5.6.22 * PHP-5.5: Fix memory leak in imagescale() Update NEWS Better fix for bug #72135 Fixed bug #72227: imagescale out-of-bounds read Fix bug #72241: get_icu_value_internal out-of-bounds read Fix bug #72135 - don't create strings with lengths outside int range Add check for string overflow to all string add operations Fix bug #72114 - int/size_t confusion in fread Updated NEWS Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream() Conflicts: Zend/zend_operators.c ext/phar/dirstream.c ext/phar/tests/bug71331.phpt
show more ...
|
#
9a826a3b |
| 24-May-2016 |
Stanislav Malyshev |
Fix memory leak in imagescale() |