| Commit message (Collapse) | Author | Age | Files | Lines |
|
We finally remove the inadvertent leftover from the synchronization
with GD 2.0.12.
|
We must not pass values to `gdImageScale()` which cannot be represented
by an `unsigned int`. Instead we return FALSE, according to what we
already did for negative integers.
|
imagesetinterpolation only requires one parameter.
|
* 'PHP-7.1' of git.php.net:/php-src:
Update NEWS
Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
Fix bug #74782: remove file name from output to avoid XSS
|
* PHP-7.0:
Update NEWS
Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
Fix bug #74782: remove file name from output to avoid XSS
|
* PHP-5.6:
Update NEWS
Fixed bug #75571: Potential infinite loop in gdImageCreateFromGifCtx
Fix bug #74782: remove file name from output to avoid XSS
|
Due to a signedness confusion in `GetCode_` a corrupt GIF file can
trigger an infinite loop. Furthermore we make sure that a GIF without
any palette entries is treated as invalid *after* open palette entries
have been removed.
|
* PHP-7.0:
Define floorf if system doesn't have it (follow up for 22c48761)
|
floorf is checked in config.m4
|
* PHP-7.0:
Fix the SKIPIF part in /ext/gd/tests/bug75437.phpt
|
* PHP-7.0:
Fix bug #75437 Wrong reflection on imagewebp
|
* PHP-7.0:
Fixed bug #65148 (imagerotate may alter image dimensions)
|
We apply the respective patches from external libgd, work around the
still missing `gdImageClone()`, and fix the special cased rotation
routines according to Pierre's patch
(https://gist.github.com/pierrejoye/59d72385ed1888cf8894a7ed437235ae).
We also cater to bug73272.phpt whose result obviously changes a bit.
|
* PHP-7.0:
Fix memory leak
|
* PHP-7.0:
Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?)
|
We back-port https://github.com/libgd/libgd/commit/dd48286 even though
we cannot come up with a regression test, because the erroneous
condition appears to be impossible to trigger.
We also parenthesize the inner ternary operation to avoid confusion.
|
* PHP-7.0:
Fixed bug #75124 (gdImageGrayScale() may produce colors)
|
We have to make sure to avoid alpha-blending issues by explicitly
switching to `gdEffectReplace` and to restore the old value afterwards.
This is a port of <https://github.com/libgd/libgd/commit/a7a7ece>.
|
* PHP-7.0:
Shrink test image
|
The last (`IDAT`) chunk in this file starting at `0x5e265` reports to
have a length of `0x2000` bytes, but there are only `0x1D9B` bytes
left. Simply cutting the first `IDAT` chunk which starts at `0x31` and
also reports a length of `0x2000` at the same offset should produce the
same test results (while reducing the file size to 7.628 bytes).
|
* PHP-7.0:
Skip this test if ext/gd is not available
|
* PHP-7.0:
Improve fix for #74145
Fix wddx
Fix tests
Fixed bug #74111
Fix bug #74603 - use correct buffer size
Fix bug #74651 - check EVP_SealInit as it can return -1
Update NEWS
Fix bug #74087
Fixed parsing of strange formats with mixed month/day and time strings
Fix bug #74145 - wddx parsing empty boolean tag leads to SIGSEGV
Fixed bug #74111
Fix #74435: Buffer over-read into uninitialized memory
Fix bug #74603 - use correct buffer size
Fix bug #74651 - check EVP_SealInit as it can return -1
Update NEWS
Fix bug #73807
|
* PHP-5.6:
Update NEWS
Fix bug #74087
Fixed parsing of strange formats with mixed month/day and time strings
Fix bug #74145 - wddx parsing empty boolean tag leads to SIGSEGV
Fixed bug #74111
Fix #74435: Buffer over-read into uninitialized memory
Fix bug #74603 - use correct buffer size
Fix bug #74651 - check EVP_SealInit as it can return -1
Update NEWS
Fix bug #73807
|
The stack allocated color map buffers were not zeroed before usage, and
so undefined palette indexes could cause information leakage.
|
* PHP-7.0:
Fixed condition check
|
* PHP-7.0:
fix bug #74343 compile fails on solaris 11 with system libgd
|
Fix incorrect parameter count for imagepng function
|
* PHP-7.0:
Add regression test for bug #47946
|
This bug had already been fixed, but apparently there's no regression
test yet, so we add one.
Note that the expected image has black pixel artifacts, which are
another issue (perhaps bug #40158), and would have to be addressed
separately.
|
* PHP-7.0:
Fix intermittent segfault in GD library
|
The gdIOCtx struct should be zero filled with ecalloc.
emalloc does not zero fill the struct.
|
* PHP-7.0:
Fix #73968: Premature failing of XBM reading
|
We must take into account the line padding, when we're reading XBM
files.
We deliberately ignore the potential integer overflow here, because
that would be caught by gdImageCreate() or even earlier if `bytes==0`,
which happens in libgd00094.phpt which we adapt accordingly.
|
* PHP-7.0:
Fix #73869: Signed Integer Overflow gd_io.c
Fix #73868: DOS vulnerability in gdImageCreateFromGd2Ctx()
|
* PHP-5.6:
Fix #73869: Signed Integer Overflow gd_io.c
Fix #73868: DOS vulnerability in gdImageCreateFromGd2Ctx()
|
GD2 stores the number of horizontal and vertical chunks as words (i.e. 2
byte unsigned). These values are multiplied and assigned to an int when
reading the image, which can cause integer overflows. We have to avoid
that, and also make sure that either chunk count is actually greater
than zero. If illegal chunk counts are detected, we bail out from
reading the image.
(cherry picked from commit 5b5d9db3988b829e0b121b74bb3947f01c2796a1)
|
We must not pretend that there are image data if there are none. Instead
we fail reading the image file gracefully.
(cherry picked from commit cdb648dc4115ce0722f3cc75e6a65115fc0e56ab)
|
* PHP-7.0:
Fix #73893: A hidden danger of death cycle in a function of gd
|
We remove the unused, but potentially dangerous functions.
|
* PHP-7.0:
Fix #73549: Use after free when stream is passed to imagepng