php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Sec Bug #73866 Fix potential unsigned underflow
Submitted: 2017-01-05 10:29 UTC Modified: 2017-01-18 15:11 UTC
From: ondrej@php.net Assigned: cmb (profile)
Status: Not a bug Package: GD related
PHP Version: 5.6.29 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ondrej@php.net
New email:
PHP Version: OS:

 

 [2017-01-05 10:29 UTC] ondrej@php.net 
Description:
------------
This is a sync with GD-2.2 security branch.

~~~

No need to decrease `u`, so we don't do it. While we're at it, we also factor
out the overflow check of the loop, what improves performance and readability.

This issue has been reported by Stefan Esser to security@libgd.org.

Patches

0001-Fix-potential-unsigned-underflow.patch (last revision 2017-01-05 10:29 UTC by ondrej@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-05 10:29 UTC] ondrej@php.net 
The following patch has been added/updated:

Patch Name: 0001-Fix-potential-unsigned-underflow.patch
Revision:   1483612162
URL:        https://bugs.php.net/patch-display.php?bug=73866&patch=0001-Fix-potential-unsigned-underflow.patch&revision=1483612162
 [2017-01-05 15:29 UTC] cmb@php.net
-PHP Version: 7.1.0 +PHP Version: 5.6.29
 [2017-01-05 15:29 UTC] cmb@php.net 
The patch should be applied against PHP-5.6 and merged upwards.
 [2017-01-05 19:36 UTC] stas@php.net
-Assigned To: +Assigned To: cmb
 [2017-01-16 17:19 UTC] cmb@php.net
-Status: Assigned +Status: Not a bug
 [2017-01-16 17:19 UTC] cmb@php.net 
Actually, this is not an issue with regard to PHP, because PHP
assumes an infallible memory allocator. So this is not-a-bug. I'm
keeping this ticket private until GD 2.2.4 is released.
 [2017-01-18 15:11 UTC] cmb@php.net 
GD 2.2.4 has been released, so I'm revealing this ticket.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Dec 26 09:01:29 2024 UTC