MFH: Fixed bug #33210 (relax jpeg recursive loop protection).

author: Ilia Alshanetsky <iliaa@php.net> 2005-06-01 22:29:20 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2005-06-01 22:29:20 +0000
commit: a02c9cf4f15240ed274f80e385265c3d23143483 (patch)
tree: 7fc4bedd4b4a099e9060432f3378f117b40c4e7d
parent: ca669645301cff3b2b86d01fe8dc6cb684770c5a (diff)
download: php-git-a02c9cf4f15240ed274f80e385265c3d23143483.tar.gz
2 files changed, 2 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 9122b8307a..e643084f01 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@ PHP 4                                                                      NEWS
   them sort based on the current locale. (Derick)
 - Changed sha1_file() and md5_file() functions to use streams instead of 
   low level IO. (Uwe)
+- Fixed bug #33210 (relax jpeg recursive loop protection). (Ilia)
 - Fixed bug #33200 (preg_replace(): magic_quotes_sybase=On makes 'e' modifier
   misbehave). (Jani)
 - Fixed bug #33072 (Add a safemode/open_basedir check for runtime save_path 
diff --git a/ext/standard/image.c b/ext/standard/image.c
index 6a015cb326..4849fff715 100644
--- a/ext/standard/image.c
+++ b/ext/standard/image.c
@@ -401,7 +401,7 @@ static unsigned int php_next_marker(php_stream * stream, int last_marker, int co
 				last_marker = M_PSEUDO; /* stop skipping non 0xff for M_COM */
 			}
 		}
-		if (++a > 10)
+		if (++a > 25)
 		{
 			/* who knows the maxim amount of 0xff? though 7 */
 			/* but found other implementations              */
author	Ilia Alshanetsky <iliaa@php.net>	2005-06-01 22:29:20 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2005-06-01 22:29:20 +0000
commit	a02c9cf4f15240ed274f80e385265c3d23143483 (patch)
tree	7fc4bedd4b4a099e9060432f3378f117b40c4e7d
parent	ca669645301cff3b2b86d01fe8dc6cb684770c5a (diff)
download	php-git-a02c9cf4f15240ed274f80e385265c3d23143483.tar.gz