Merge branch 'PHP-5.6' into PHP-7.0

author: Christoph M. Becker <cmbecker69@gmx.de> 2016-10-13 11:24:03 +0200
committer: Christoph M. Becker <cmbecker69@gmx.de> 2016-10-13 11:25:11 +0200
commit: b8fab503fec8288e65d571f0277b078b8f7cebf3 (patch)
tree: 1ab050fbd545c5f8d3259e4f61818ab91342ae6f
parent: ce3e792c2c4c251fd5963a36af5ad4a9dd875085 (diff)
parent: cc08cbc84d46933c1e9e0149633f1ed5d19e45e9 (diff)
download: php-git-b8fab503fec8288e65d571f0277b078b8f7cebf3.tar.gz
2 files changed, 2 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 01d9fe2e30..c20abb5ee7 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,7 @@ PHP                                                                        NEWS
   . Fixed bug #73272 (imagescale() is not affected by, but affects
     imagesetinterpolation()). (cmb)
   . Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb)
+  . Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb)
 
 - phpdbg:
   . Properly allow for stdin input from a file. (Bob)
diff --git a/ext/gd/libgd/gd_io_dp.c b/ext/gd/libgd/gd_io_dp.c
index bfeb4cb4bb..4dcedde8cc 100644
--- a/ext/gd/libgd/gd_io_dp.c
+++ b/ext/gd/libgd/gd_io_dp.c
@@ -237,7 +237,7 @@ static int dynamicGetbuf (gdIOCtxPtr ctx, void *buf, int len)
 	if (remain >= len) {
 		rlen = len;
 	} else {
-		if (remain == 0) {
+		if (remain <= 0) {
 			return EOF;
 		}
 		rlen = remain;
author	Christoph M. Becker <cmbecker69@gmx.de>	2016-10-13 11:24:03 +0200
committer	Christoph M. Becker <cmbecker69@gmx.de>	2016-10-13 11:25:11 +0200
commit	b8fab503fec8288e65d571f0277b078b8f7cebf3 (patch)
tree	1ab050fbd545c5f8d3259e4f61818ab91342ae6f
parent	ce3e792c2c4c251fd5963a36af5ad4a9dd875085 (diff)
parent	cc08cbc84d46933c1e9e0149633f1ed5d19e45e9 (diff)
download	php-git-b8fab503fec8288e65d571f0277b078b8f7cebf3.tar.gz