File php-5.2.6-bug416178.patch of Package php5
Index: Zend/zend_operators.h
===================================================================
--- Zend/zend_operators.h.orig 2007-12-31 08:20:03.000000000 +0100
+++ Zend/zend_operators.h 2008-08-13 07:30:26.000000000 +0200
@@ -219,6 +219,10 @@ zend_memnstr(char *haystack, char *needl
{
char *p = haystack;
char ne = needle[needle_len-1];
+
+ if(needle_len > end - haystack) {
+ return NULL;
+ }
end -= needle_len;
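Review bot: The new guard only bounds `needle_len` from above, and `char ne = needle[needle_len-1];` is still evaluated before it. If `needle_len` can be zero or negative (its type is cut off in the hunk header, so this is inferred), that line reads before the start of `needle`, and a negative value passes the guard and moves `end` beyond the buffer at `end -= needle_len;`. Unless every caller is guaranteed to filter empty needles, widen the check to `if (needle_len <= 0 || needle_len > end - haystack) { return NULL; }` and assign `ne` only after it. If callers do guarantee this, a comment such as `/* callers must pass needle_len >= 1 and end >= haystack */` would record the precondition. The body of zend_memnstr continues outside the hunk.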
Index: ext/gd/gd.c
===================================================================
--- ext/gd/gd.c.orig 2008-04-04 19:39:52.000000000 +0200
+++ ext/gd/gd.c 2008-08-13 07:31:50.000000000 +0200
@@ -1637,6 +1637,20 @@ PHP_FUNCTION(imageloadfont)
body_size = font->w * font->h * font->nchars;
}
+ if (overflow2(font->nchars, font->h)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font, invalid font header");
+ efree(font);
+ php_stream_close(stream);
+ RETURN_FALSE;
+ }
+ if (overflow2(font->nchars * font->h, font->w )) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font, invalid font header");
+ efree(font);
+ php_stream_close(stream);
+ RETURN_FALSE;
+ }
+
+
if (body_size != body_size_check) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font");
efree(font);
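Review bot: The `overflow2()` checks are placed after `body_size = font->w * font->h * font->nchars;`, so the product from the untrusted font header has already been computed when they run. If these fields are signed ints (their declarations are not visible here), that overflow is undefined behaviour, so the checks belong before any multiplication of the header fields. This includes the other branch that assigns `body_size`, which lies above the hunk. The two identical error blocks could also be merged into one, `if (overflow2(font->nchars, font->h) || overflow2(font->nchars * font->h, font->w)) {`, where short-circuiting keeps the second product from being evaluated once the first check fails. PHP_FUNCTION(imageloadfont) starts and ends outside the hunk.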