archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-19 08:49:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
110059 commits 526 branches 1434 tags 878 MiB
Commit graph

29 commits

Author SHA1 Message Date
Stanislav Malyshev
a68dc899bb Merge branch 'PHP-7.1' into PHP-7.2 
* PHP-7.1:
  Update NEWS
  Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
  Fix bug #74782: remove file name from output to avoid XSS
 2018-01-01 21:07:21 -08:00
Stanislav Malyshev
459ab2eef4 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Update NEWS
  Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
  Fix bug #74782: remove file name from output to avoid XSS
 2018-01-01 20:28:01 -08:00
Christoph M. Becker
8d6e958867 Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx 
Due to a signedness confusion in `GetCode_` a corrupt GIF file can
trigger an infinite loop.  Furthermore we make sure that a GIF without
any palette entries is treated as invalid *after* open palette entries
have been removed.
 2018-01-01 19:51:26 -08:00
Stanislav Malyshev
d75dbb0e31 Merge branch 'PHP-7.1' 
* PHP-7.1:
  Improve fix for #74145
  Fix wddx
  Fix tests
  Fixed bug #74111
  Fix bug #74603 - use correct buffer size
  Fix bug #74651 - check EVP_SealInit as it can return -1
  Update NEWS
  Fix bug #74087
  Fixed parsing of strange formats with mixed month/day and time strings
  Fix bug #74145 - wddx parsing empty boolean tag leads to SIGSEGV
  Fixed bug #74111
  Fix #74435: Buffer over-read into uninitialized memory
  Fix bug #74603 - use correct buffer size
  Fix bug #74651 - check EVP_SealInit as it can return -1
  Update NEWS
  Fix bug #73807
 2017-07-04 21:23:16 -07:00
Stanislav Malyshev
0496f5407f Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Update NEWS
  Fix bug #74087
  Fixed parsing of strange formats with mixed month/day and time strings
  Fix bug #74145 - wddx parsing empty boolean tag leads to SIGSEGV
  Fixed bug #74111
  Fix #74435: Buffer over-read into uninitialized memory
  Fix bug #74603 - use correct buffer size
  Fix bug #74651 - check EVP_SealInit as it can return -1
  Update NEWS
  Fix bug #73807
 2017-07-04 19:44:51 -07:00
Christoph M. Becker
8dc4f4dc9e Fix #74435: Buffer over-read into uninitialized memory 
The stack allocated color map buffers were not zeroed before usage, and
so undefined palette indexes could cause information leakage.
 2017-07-04 19:00:57 -07:00
Christoph M. Becker
432e16cb58 Unify error handling of bundled and external libgd 
There's no need anymore to call an own error handler directly. Instead we
register our error handler and call libgd's error functions (which will
forward). We do this regardless of compiling with the bundled or an external
libgd.
 2016-10-07 01:13:49 +02:00
Stanislav Malyshev
b7a7b1a624 trailing whitespace removal 2015-01-10 15:07:38 -08:00
Remi Collet
5fc2fede9c Better fix for #68601 for perf 
81e9a993f2
 2014-12-17 10:59:36 +01:00
Remi Collet
07b5896a13 Fix bug #68601 buffer read overflow in gd_gif_in.c 2014-12-13 09:03:44 +01:00
Pierre Joye
c4b5196d0b - #41630, fix segfault when an invalid color index is present in the image 
data
 2007-06-07 21:07:33 +00:00
Pierre Joye
539be2cc81 - do not try to use the global color map when none was found (Nuno, Pierre) 
- free im on error
 2007-04-04 11:40:11 +00:00
Pierre Joye
e4749c609c - Sync with gd 2.0.35 (bug #52, #60 and #66) 
- Improve TS of gif loading code (Roman Nemecek, Nuno, Pierre)
 - a frame size must be confined to the screen defition (Pierre)
 - be sure to always read the dimensions in the frame and does not use
   the screen size (see #66 for a side effect) (Pierre)
- Update #37360 test. The frame does not fit the logical screen (specs
  tell that it must fit) (Pierre)
 2007-04-04 01:34:50 +00:00
Nuno Lopes
5116b67016 fix thread unsafety in the gif reader code (merge from libgd cvs) 2007-03-08 20:24:53 +00:00
Nuno Lopes
7b37c41384 fix access to non initialized memory (check valgrind reports on http://gcov.php.net) 2007-03-02 18:41:25 +00:00
Ilia Alshanetsky
9783f5f1f3 strncpy() -> strlcpy() 2007-02-24 18:00:56 +00:00
Pierre Joye
2a06ce8518 - #38112, add test and use MAX_LWZ_BITS instead of the value 2006-07-17 14:30:21 +00:00
Pierre Joye
17f6ae66ce - #38112, corrupt GIF segfaults, test will follow 2006-07-16 11:07:31 +00:00
Pierre Joye
3bad805e35 - more CS 2006-05-08 12:06:59 +00:00
Pierre Joye
4428076eae - MFH: #37360, bad gif size 2006-05-08 11:50:47 +00:00
Pierre Joye
570511c9b2 - CS (spaces > tabs) 2006-05-08 11:12:49 +00:00
Pierre Joye
52619b8427 - #37346, invalid colormap format 2006-05-07 16:37:40 +00:00
Pierre Joye
c81c189198 - MFH #33220, infinite loop while loading invalid GIF (nlopees) 2005-09-24 14:39:16 +00:00
foobar
75d362225c MFH 2005-08-18 12:54:44 +00:00
Ilia Alshanetsky
36db28c8db CS fixes. 2003-12-28 20:11:08 +00:00
Ilia Alshanetsky
c13be6e6d5 Last set of integer overflow checks. 2003-06-03 23:42:31 +00:00
Marcus Boerger
fa38a6af6f No more (f)printf for errors and warnings instead use php_error_docref. 2002-12-01 11:43:54 +00:00
Rasmus Lerdorf
a24534a1ed Update bundled gd library with relevant changes from gd-2.0.4 
I still need to add a configure check for the gdIOCtx struct
changes so building against older external gd libs will work again.
 2002-10-29 23:08:01 +00:00
Rasmus Lerdorf
72d90fc41c As discussed a while ago, decoding GIF images is not considered a Unisys 
LZW patent violation so we can distribute read-only GIF support with
our bundled GD2.  The patent also expires in 2003, which is quickly
approaching, so we can roll in write support soon unless things change.
 2002-10-06 06:03:17 +00:00