From: Moriyoshi Koizumi Date: Wed, 4 Jun 2003 14:53:31 +0000 (+0000) Subject: BFN updates X-Git-Tag: php-4.3.3RC1~96 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=90eb73bb9d8f5bc4a5a6968aee4d0e2400bb5bf3;p=php BFN updates --- diff --git a/NEWS b/NEWS index 16111dec35..362c30cf6f 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,7 @@ PHP 4 NEWS - Added DBA handler 'inifile' to support ini files. (Marcus) - Added a "DEBUG" note to 'php -v' output when --enable-debug is used. (Derick) - Added long options into CLI & CGI (e.g. --version). (Marcus) +- Fixed integer overflows in base64_encode(). (Moriyoshi) - Fixed possible integer overflows in bundled GD library. (Ilia) - Fixed "mysql.connect_timeout" php.ini option to be settable with ini_set(). (Rasmus) diff --git a/TODO_SEGFAULTS b/TODO_SEGFAULTS index 05256ff37c..8e92183f28 100644 --- a/TODO_SEGFAULTS +++ b/TODO_SEGFAULTS @@ -23,7 +23,8 @@ Fixed: flock (Sascha) register_shutdown_function (Sascha) mb_strcut('', [number greater than the length of first arg]) (Moriyoshi) - ext/exif, ext/dba (7) (Marcus) + ext/exif, ext/dba (Marcus) + php_base64_encode (Moriyoshi) Open: @@ -32,8 +33,7 @@ Open: socket_select (3) php_imagepolygon (4) imagesetstyle (5) - php_base64_encode (6) - pack (7) + pack (6) (1) heap corruption, mostly visible in malloc-related calls. Whether you see this or not might depend on your libc/compiler. Hard to track down, @@ -83,11 +83,9 @@ Methodology gdImageSetStyle function called by this php wrapper can die for the same reason. -(6) integer overflow if the specified string is longer then ~1.1 billion bytes. +(6) multiple integer overflows, ex. pack("d4294967297", 2); -(7) multiple integer overflows, ex. pack("d4294967297", 2); - -Ammendment 1. +Amendment 1. CFLAGS='-O0 -g' \ '../src/php4/configure' \
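Review bot: The added NEWS line reads "Fixed integer overflows in base64_encode()" (plural), while the TODO_SEGFAULTS footnote removed by this same patch described a single "integer overflow" for php_base64_encode. Please make the two agree, so that someone reading NEWS to decide whether to upgrade knows whether one overflow or several were fixed.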
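Review bot: In the Fixed list of TODO_SEGFAULTS, the "(7)" dropped from the "ext/exif, ext/dba" line was that entry's only pointer to the "multiple integer overflows" footnote, and the new "php_base64_encode (Moriyoshi)" line is added with no note at all. This matches the other Fixed entries shown (flock, register_shutdown_function), but the file then no longer records which class of bug was fixed in these places. A short parenthetical such as "(integer overflow)" on both lines would keep that information.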
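Review bot: In the footnote hunk, deleting old note (6) removes the only statement of the trigger condition for the base64 overflow ("if the specified string is longer then ~1.1 billion bytes"), and neither the NEWS entry nor the commit subject carries it forward. Consider keeping that threshold in the NEWS line or the commit message. The renumbering of the pack note from (7) to (6) is consistent with the Open list hunk. The "Ammendment" to "Amendment" spelling fix is unrelated to the BFN update and would be easier to track as a separate commit.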