diff options
| -rw-r--r-- | debian/changelog | 10 | ||||
| -rw-r--r-- | debian/patches/043-recode_size_t.patch | 20 |
2 files changed, 20 insertions, 10 deletions
diff --git a/debian/changelog b/debian/changelog index ec5623f58..ecd65d135 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +php5 (5.2.5-3) unstable; urgency=high + + * zend_parse_parameters does not handle size_t's, causing issues with + 043-recode_size_t.patch and segmentation faults for recode-using pages. + changed problematic parameters back to "int" and added an overflow check. + thanks to Thomas Stegbauer, Tim Dijkstra, Bart Cortooms, Sebastian Göbel, + and Vincent Tondellier for their reports. closes: #459020. + + -- Sean Finney <seanius@debian.org> Thu, 21 Feb 2008 00:59:21 +0100 + php5 (5.2.5-2) unstable; urgency=low * debian/patches/libdb_is_-ldb: reorder the search for db4 instances to diff --git a/debian/patches/043-recode_size_t.patch b/debian/patches/043-recode_size_t.patch index a9075ab08..f4af255c6 100644 --- a/debian/patches/043-recode_size_t.patch +++ b/debian/patches/043-recode_size_t.patch @@ -1,13 +1,13 @@ -Index: php5-5.2.4/ext/recode/recode.c +Index: php5-5.2.5/ext/recode/recode.c =================================================================== ---- php5-5.2.4.orig/ext/recode/recode.c 2007-06-22 02:02:15.000000000 +0200 -+++ php5-5.2.4/ext/recode/recode.c 2007-09-11 00:26:24.000000000 +0200 -@@ -133,7 +133,7 @@ - RECODE_REQUEST request = NULL; - char *r = NULL; - size_t r_len = 0, r_alen = 0; -- int req_len, str_len; -+ size_t req_len, str_len; +--- php5-5.2.5.orig/ext/recode/recode.c 2007-06-22 02:02:15.000000000 +0200 ++++ php5-5.2.5/ext/recode/recode.c 2008-02-21 00:46:54.000000000 +0100 +@@ -136,7 +136,7 @@ + int req_len, str_len; char *req, *str; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE) { +- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE || str_len < 0) { + return; + } + |