From: Ilia Alshanetsky Date: Wed, 8 Dec 2010 22:30:12 +0000 (+0000) Subject: Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). X-Git-Tag: php-5.2.15~3 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9501a3b81e194bd3e233640fa431a447d4b1741c;p=php Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). --- diff --git a/NEWS b/NEWS index d86da2d9c3..f836c68760 100644 --- a/NEWS +++ b/NEWS @@ -1,21 +1,18 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ??? 2010, PHP 5.2.15 - -02 Dec 2010, PHP 5.2.15RC2 +09 Dec 2010, PHP 5.2.15 - Fixed extract() to do not overwrite $GLOBALS and $this when using - EXTR_OVERWRITE. (jorto at redhat dot com) - -18 Nov 2010, PHP 5.2.15RC1 + EXTR_OVERWRITE. (jorto at redhat dot com) - Fixed crash in zip extract method (possible CWE-170). (Maksymilian Arciemowicz, Pierre) - Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia) - Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) - Fixed possible crash in mssql_fetch_batch(). (Kalle) - - Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz) + +- Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre) - Fixed bug #53323 (pdo_firebird getAttribute() crash). (preeves at ibphoenix dot com) - Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with diff --git a/ext/gd/gd.c b/ext/gd/gd.c index ccbe3c136a..8588e12798 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -4593,6 +4593,11 @@ PHP_FUNCTION(imagepstext) return; } + if (aa_steps != 4 || aa_steps != 16) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must be 4 or 16"); + RETURN_FALSE; + } + ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd); ZEND_FETCH_RESOURCE(f_ind, int *, &fnt, -1, "Type 1 font", le_ps_font);