From e4dabc26cf5d7d5d5da8eb76eb47bc0b02ab3d5c Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 1 Nov 2022 08:32:52 +0100
Subject: Update to 7.4.33 - http://www.php.net/releases/7_4_33.php

---
 php-bug81739.patch | 70 ------------------------------------------------------
 1 file changed, 70 deletions(-)
 delete mode 100644 php-bug81739.patch

(limited to 'php-bug81739.patch')

diff --git a/php-bug81739.patch b/php-bug81739.patch
deleted file mode 100644
index f76e8c0..0000000
--- a/php-bug81739.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From d50532be91f054ef9beb1afca2ea94f4a70f7c4d Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Tue, 18 Oct 2022 12:13:16 +0200
-Subject: [PATCH] Fix #81739: OOB read due to insufficient validation in
- imageloadfont()
-
-If we swap the byte order of the relevant header bytes, we need to make
-sure again that the following multiplication does not overflow.
----
- ext/gd/gd.c                |  7 +++++++
- ext/gd/tests/bug81739.phpt | 24 ++++++++++++++++++++++++
- 2 files changed, 31 insertions(+)
- create mode 100644 ext/gd/tests/bug81739.phpt
-
-diff --git a/ext/gd/gd.c b/ext/gd/gd.c
-index 336a73969267..fde93bba496f 100644
---- a/ext/gd/gd.c
-+++ b/ext/gd/gd.c
-@@ -1485,6 +1485,12 @@ PHP_FUNCTION(imageloadfont)
- 		font->w = FLIPWORD(font->w);
- 		font->h = FLIPWORD(font->h);
- 		font->nchars = FLIPWORD(font->nchars);
-+		if (overflow2(font->nchars, font->h) || overflow2(font->nchars * font->h, font->w )) {
-+			php_error_docref(NULL, E_WARNING, "Error reading font, invalid font header");
-+			efree(font);
-+			php_stream_close(stream);
-+			RETURN_FALSE;
-+		}
- 		body_size = font->w * font->h * font->nchars;
- 	}
- 
-@@ -1495,6 +1501,7 @@ PHP_FUNCTION(imageloadfont)
- 		RETURN_FALSE;
- 	}
- 
-+	ZEND_ASSERT(body_size > 0);
- 	font->data = emalloc(body_size);
- 	b = 0;
- 	while (b < body_size && (n = php_stream_read(stream, &font->data[b], body_size - b)) > 0) {
-diff --git a/ext/gd/tests/bug81739.phpt b/ext/gd/tests/bug81739.phpt
-new file mode 100644
-index 000000000000..cc2a90381bab
---- /dev/null
-+++ b/ext/gd/tests/bug81739.phpt
-@@ -0,0 +1,24 @@
-+--TEST--
-+Bug #81739 (OOB read due to insufficient validation in imageloadfont())
-+--SKIPIF--
-+<?php
-+if (!extension_loaded("gd")) die("skip gd extension not available");
-+?>
-+--FILE--
-+<?php
-+$s = fopen(__DIR__ . "/font.font", "w");
-+// header without character data
-+fwrite($s, "\x01\x00\x00\x00\x20\x00\x00\x00\x08\x00\x00\x00\x08\x00\x00\x00");
-+fclose($s);
-+var_dump(imageloadfont(__DIR__ . "/font.font"));
-+?>
-+--CLEAN--
-+<?php
-+@unlink(__DIR__ . "/font.font");
-+?>
-+--EXPECTF--
-+Warning: imageloadfont(): %croduct of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
-+ in %s on line %d
-+
-+Warning: imageloadfont(): Error reading font, invalid font header in %s on line %d
-+bool(false)
-\ No newline at end of file
-- 
cgit