From a4ff44794c66cc79afc76edb85f27a47628cfbf6 Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Wed, 4 Jun 2003 15:03:29 +0000 Subject: [PATCH] Updated the todo to reflect the current situation. --- TODO_SEGFAULTS | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/TODO_SEGFAULTS b/TODO_SEGFAULTS index 8e92183f28..b8bda39c84 100644 --- a/TODO_SEGFAULTS +++ b/TODO_SEGFAULTS @@ -29,11 +29,8 @@ Fixed: Open: the dbase extension (1) - chunk_split (2) - socket_select (3) - php_imagepolygon (4) - imagesetstyle (5) - pack (6) + socket_select (2) + pack (3) (1) heap corruption, mostly visible in malloc-related calls. Whether you see this or not might depend on your libc/compiler. Hard to track down, @@ -53,9 +50,7 @@ dbase_numrecords dbase_open X -(2) integer overflow in php_chunk_split - -(3) heap corruption, dies in efree()/execute() +(2) heap corruption, dies in efree()/execute() Methodology @@ -75,15 +70,7 @@ Methodology echo dbase_open | php do_crash.txt -(4) integer overflow inside php_imagepolygon and possible subsequent - integer overflows inside gdlib's gdImageFilledPolygon(). - -(5) integer overflow if the number of elements in the array passed as - second argument * sizeof(int) result in an overflow. - gdImageSetStyle function called by this php wrapper can die for the - same reason. - -(6) multiple integer overflows, ex. pack("d4294967297", 2); +(3) multiple integer overflows, ex. pack("d4294967297", 2); Amendment 1. -- 2.50.1
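Review bot: in the first hunk (the Open list under `Fixed:`/`Open:`) the entries for chunk_split, php_imagepolygon and imagesetstyle are deleted from "Open" but nothing is added to the "Fixed" section just above it, so the file loses the record that these three ever existed; if they have been resolved, move them under "Fixed" (as the dbase entries already are) and say so in the commit message, which currently only reads "reflect the current situation".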
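Review bot: the second hunk renumbers the surviving footnote from `(3) heap corruption, dies in efree()/execute()` to `(2)`, so any earlier bug report or mailing-list thread that cites "(3)" in this file now points at a different issue; prefer keeping the original numbers (leaving gaps, or marking the removed ones as fixed in place) over renumbering, and if renumbering is kept, mention it in the commit message.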
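Review bot: the third hunk drops the only written description of the php_imagepolygon/gdImageFilledPolygon and imagesetstyle/gdImageSetStyle integer overflows (the `elements * sizeof(int)` case), which is exactly the detail a later reader needs to verify the fix or write a regression test; keep those two paragraphs (moved under "Fixed" with a pointer to the fixing change) rather than deleting them, and for the remaining `(3) multiple integer overflows, ex. pack("d4294967297", 2);` state which of the "multiple" overflows are still open now that only this example is left.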