MFH: Fixed bug #33210 (relax jpeg recursive loop protection).
authorIlia Alshanetsky <iliaa@php.net>
Wed, 1 Jun 2005 22:29:20 +0000 (22:29 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Wed, 1 Jun 2005 22:29:20 +0000 (22:29 +0000)
NEWS
ext/standard/image.c

diff --git a/NEWS b/NEWS
index 9122b8307a133825ab187c2803c6fdaf05a075dc..e643084f01c96d169bc8b01c5ca059d5768d1a88 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@ PHP 4                                                                      NEWS
   them sort based on the current locale. (Derick)
 - Changed sha1_file() and md5_file() functions to use streams instead of 
   low level IO. (Uwe)
+- Fixed bug #33210 (relax jpeg recursive loop protection). (Ilia)
 - Fixed bug #33200 (preg_replace(): magic_quotes_sybase=On makes 'e' modifier
   misbehave). (Jani)
 - Fixed bug #33072 (Add a safemode/open_basedir check for runtime save_path 
index 6a015cb326638feb383f5b5949c2398bc97cbe37..4849fff715367b85e14fdcc9852765cba0d8d969 100644 (file)
@@ -401,7 +401,7 @@ static unsigned int php_next_marker(php_stream * stream, int last_marker, int co
                                last_marker = M_PSEUDO; /* stop skipping non 0xff for M_COM */
                        }
                }
-               if (++a > 10)
+               if (++a > 25)
                {
                        /* who knows the maxim amount of 0xff? though 7 */
                        /* but found other implementations              */
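Review bot: The new bound in `if (++a > 25)` is a bare literal, and the comment beneath it still cites 7 as the expected number of 0xff fill bytes, so nothing here records why 25 was chosen or which files required it. Since this counter caps how far the marker scan runs on malformed or hostile JPEG input, I would name the limit (for example a file-local `#define` with a name of your choosing) and replace the comment with something like `/* JPEG permits any number of 0xff fill bytes before a marker; cap the scan so a malformed stream cannot spin here (bug #33210 needed more than 10) */`. The body of php_next_marker starts and ends outside this hunk, so the behaviour once the limit is exceeded cannot be checked from here. Please confirm that path still fails closed and does not continue parsing with a stale marker.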