From: Ilia Alshanetsky Date: Fri, 4 Apr 2003 00:44:34 +0000 (+0000) Subject: More gd stuff. X-Git-Tag: php-4.3.2RC2~164 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1525ff177f59d598e1125bea28eaff49128cfda3;p=php More gd stuff. --- diff --git a/TODO_SEGFAULTS b/TODO_SEGFAULTS index c85f861fa7..d3e09eda0e 100644 --- a/TODO_SEGFAULTS +++ b/TODO_SEGFAULTS @@ -28,6 +28,7 @@ Open: chunk_split (3) socket_select (4) php_imagepolygon (5) + imagesetstyle (6) (1) heap corruption, mostly visible in malloc-related calls. Whether you see this or not might depend on your libc/compiler. Hard to track down, @@ -79,6 +80,10 @@ Methodology (5) integer overflow inside php_imagepolygon and possible subsequent integer overflows inside gdlib's gdImageFilledPolygon(). +(6) integer overflow if the number of elements in the array passed as + second argument * sizeof(int) result in an overflow. + gdImageSetStyle function called by this php wrapper can die for the + same reason. Ammendment 1.
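Review bot: In the second hunk (the new note (6) under Methodology), the text names the overflowing expression, the element count of the array passed as second argument multiplied by sizeof(int), but not where that multiplication happens in the wrapper or what input size triggers it, so whoever picks this entry up has to rediscover both. Suggest adding the allocation site and the condition a fix must enforce, i.e. reject the call when the element count exceeds INT_MAX / sizeof(int) before allocating. The same note says gdImageSetStyle "can die for the same reason"; since that is a separate multiplication inside the library, it is worth stating explicitly that a check in the PHP wrapper alone does not cover direct callers of gdImageSetStyle, as note (5) does for gdImageFilledPolygon. Minor: "result in an overflow" should read "results in an overflow", and the subject "More gd stuff." does not say that the commit records a new open segfault for imagesetstyle.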