19838509 upgrade php to version 5.3.29
18857741 problem in UTILITY/PHP
18890894 problem in UTILITY/PHP
18890895 problem in UTILITY/PHP
19003253 problem in UTILITY/PHP
19167518 problem in UTILITY/PHP
19519142 problem in UTILITY/PHP
19556437 problem in UTILITY/PHP
19707971 problem in UTILITY/PHP
19796954 problem in UTILITY/PHP
20258327 problem in UTILITY/PHP
20488612 announce PHP 5.2 EOF in man page
Fix for CVE-2014-2497
Patch:
http://git.php.net/?p=php-src.git;a=patch;h=cf4753691dc55999373d1c576f62ecb298723420
Code:
http://git.php.net/?p=php-src.git;a=commit;h=cf4753691dc55999373d1c576f62ecb298723420
Verified by hand that it patches the correct code
but needed one slight tweak needing return instead of goto.
diff --git a/ext/gd/libgd/gdxpm.c b/ext/gd/libgd/gdxpm.c
index 73f86e5..b69414e 100644
--- a/ext/gd/libgd/gdxpm.c
+++ b/ext/gd/libgd/gdxpm.c
@@ -31,12 +31,17 @@ gdImagePtr gdImageCreateFromXpm (char *filename)
if (ret != XpmSuccess) {
return 0;
}
+ number = image.ncolors;
+ for(i = 0; i < number; i++) {
+ if (!image.colorTable[i].c_color) {
+ return 0;
+ }
+ }
if (!(im = gdImageCreate(image.width, image.height))) {
return 0;
}
- number = image.ncolors;
colors = (int *) safe_emalloc(number, sizeof(int), 0);
for (i = 0; i < number; i++) {
switch (strlen (image.colorTable[i].c_color)) {