We apply the respective patches from external libgd, work around the
still missing `gdImageClone()`, and fix the special cased rotation
routines according to Pierre's patch
(https://gist.github.com/pierrejoye/59d72385ed1888cf8894a7ed437235ae).
We also cater to bug73272.phpt whose result obviously changes a bit.
We back-port https://github.com/libgd/libgd/commit/dd48286 even though
we cannot come up with a regression test, because the erroneous
condition appears to be impossible to trigger.
We also parenthesize the inner ternary operation to avoid confusion.
We have to make sure to avoid alpha-blending issues by explicitly
switching to `gdEffectReplace` and to restore the old value afterwards.
This is a port of <https://github.com/libgd/libgd/commit/a7a7ece>.
The last (`IDAT`) chunk in this file starting at `0x5e265` reports to
have a length of `0x2000` bytes, but there are only `0x1D9B` bytes
left. Simply cutting the first `IDAT` chunk which starts at `0x31` and
also reports a length of `0x2000` at the same offset should produce the
same test results (while reducing the file size to 7.628 bytes).
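
Added example, not part of the commit message or of PHP/libgd: a chunk walker that locates the kind of length mismatch described above, where a chunk's length field claims more bytes than the file still holds. The function name and the 61-byte sample are constructed for illustration; CRCs are left at zero and are not verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns the offset of the first chunk whose declared length does not fit
 * in the bytes that remain, -1 if every chunk fits, -2 if not a PNG. */
long png_find_truncated_chunk(const unsigned char *buf, size_t len)
{
    static const unsigned char sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    size_t off = 8;

    if (len < 8 || memcmp(buf, sig, 8) != 0)
        return -2;
    while (off < len) {
        size_t remaining = len - off;
        /* each chunk: 4-byte length, 4-byte type, data, 4-byte CRC;
         * compare against what is left instead of adding to off */
        if (remaining < 12 || be32(buf + off) > remaining - 12)
            return (long)off;
        off += 12 + (size_t)be32(buf + off);
    }
    return -1;
}

/* Constructed sample: signature, IHDR (13 data bytes), then an IDAT at
 * offset 33 that declares 0x2000 data bytes but carries only 16. */
static const unsigned char SAMPLE[61] = {
    0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n', 0, 0, 0, 13, 'I', 'H', 'D', 'R',
    [33] = 0x00, 0x00, 0x20, 0x00, 'I', 'D', 'A', 'T'
};

int main(void)
{
    unsigned char fixed[sizeof SAMPLE];

    memcpy(fixed, SAMPLE, sizeof SAMPLE);
    fixed[35] = 0x00; fixed[36] = 0x10;   /* declare the 16 bytes actually present */
    printf("as found: %ld\n", png_find_truncated_chunk(SAMPLE, sizeof SAMPLE));
    printf("repaired: %ld\n", png_find_truncated_chunk(fixed, sizeof fixed));
    return 0;
}
```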
* PHP-5.6:
Update NEWS
Fix bug #74087
Fixed parsing of strange formats with mixed month/day and time strings
Fix bug #74145 - wddx parsing empty boolean tag leads to SIGSEGV
Fixed bug #74111
Fix #74435: Buffer over-read into uninitialized memory
Fix bug #74603 - use correct buffer size
Fix bug #74651 - check EVP_SealInit as it can return -1
Update NEWS
Fix bug #73807
The stack allocated color map buffers were not zeroed before usage, and
so undefined palette indexes could cause information leakage.
Fix incorrect parameter count for imagepng function
This bug had already been fixed, but apparently there's no regression
test yet, so we add one.
Note that the expected image has black pixel artifacts, which are
another issue (perhaps bug #40158), and would have to be addressed
separately.
The gdIOCtx struct should be zero filled with ecalloc.
emalloc does not zero fill the struct.
We must take into account the line padding when we're reading XBM
files.
We deliberately ignore the potential integer overflow here, because
that would be caught by gdImageCreate() or even earlier if `bytes==0`,
which happens in libgd00094.phpt which we adapt accordingly.
* PHP-5.6:
Fix #73869: Signed Integer Overflow gd_io.c
Fix #73868: DOS vulnerability in gdImageCreateFromGd2Ctx()
GD2 stores the number of horizontal and vertical chunks as words (i.e. 2
byte unsigned). These values are multiplied and assigned to an int when
reading the image, which can cause integer overflows. We have to avoid
that, and also make sure that either chunk count is actually greater
than zero. If illegal chunk counts are detected, we bail out from
reading the image.
(cherry picked from commit 5b5d9db3988b829e0b121b74bb3947f01c2796a1)
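
Added example, not the code from this commit or from libgd: one way to validate two 2-byte chunk counts before their product is stored in an `int`, rejecting a zero count and a product that would not fit. The function names, the high-byte-first word order and the constructed inputs are assumptions of this example; the rejected cases assume a 32-bit `int`.

```c
#include <limits.h>
#include <stdio.h>

/* Read one 2-byte unsigned word, high byte first (assumed byte order). */
static int read_word(const unsigned char *p)
{
    return (p[0] << 8) | p[1];
}

/*
 * Hypothetical validator: words[0..1] hold the horizontal chunk count,
 * words[2..3] the vertical one. Stores ncx * ncy in *total and returns 0,
 * or returns -1 without touching *total when the counts are illegal.
 */
int gd2_chunk_total(const unsigned char words[4], int *total)
{
    int ncx = read_word(words);
    int ncy = read_word(words + 2);

    if (ncx <= 0 || ncy <= 0)     /* either count must be greater than zero */
        return -1;
    if (ncx > INT_MAX / ncy)      /* ncx * ncy would overflow an int */
        return -1;
    *total = ncx * ncy;
    return 0;
}

int main(void)
{
    /* Constructed inputs: small, zero count, maximal words, largest accepted. */
    static const unsigned char cases[][4] = {
        {0x00, 0x04, 0x00, 0x03}, {0x00, 0x00, 0x00, 0x03},
        {0xff, 0xff, 0xff, 0xff}, {0xff, 0xfe, 0x80, 0x01}
    };
    size_t i;

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int total = 0;
        int rc = gd2_chunk_total(cases[i], &total);
        /* the wide product shows what the unchecked multiplication needs to hold */
        printf("%d x %d = %lld -> %s\n", read_word(cases[i]), read_word(cases[i] + 2),
               (long long)read_word(cases[i]) * read_word(cases[i] + 2),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```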
We must not pretend that there are image data if there are none. Instead
we fail reading the image file gracefully.
(cherry picked from commit cdb648dc4115ce0722f3cc75e6a65115fc0e56ab)
We remove the unused, but potentially dangerous functions.
* PHP-5.6:
Fix #73549: Use after free when stream is passed to imagepng
If a stream is passed to imagepng() or other image output functions,
as opposed to a filename, we must not close this stream.
This test is not supposed to work with JIS-mapped Japanese font support
enabled.
We must not allow negative color values to be passed to
gdImageFillToBorder(), because that can lead to infinite recursion
since the recursion termination condition will not necessarily be met.
Instead of rolling our own bounds check we use clip_1d() as it's done
in gdImageLine() and in external libgd. We must not pass the image
width and height, respectively, but rather the largest ordinate value
that is allowed to be accessed, i.e. width-1 and height-1,
respectively.
* phpsec/PHP-7.0.13:
Fixed bug #73418 Integer Overflow in "_php_imap_mail" leads to crash
Fix #72696: imagefilltoborder stackoverflow on truecolor images
Fix #72482: Illegal write/read access caused by gdImageAALine overflow
Fix bug #73144 and bug #73341 - remove extra dtor
remove unreferenced var came in with merge
Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle
fix version
set versions
We must not allow negative color values to be passed to
gdImageFillToBorder(), because that can lead to infinite recursion
since the recursion termination condition will not necessarily be met.
(cherry picked from commit 863d37ea66d5c960db08d6f4a2cbd2518f0f80d1)
Instead of rolling our own bounds check we use clip_1d() as it's done
in gdImageLine() and in external libgd. We must not pass the image
width and height, respectively, but rather the largest ordinate value
that is allowed to be accessed, i.e. width-1 and height-1,
respectively.
(cherry picked from commit 6499581af76cfe986e12330faabb3a7c36d45ffc)
This issue has actually already been fixed with commit 46f2c690. We're
adding a regression test and a NEWS entry, and also port the fix in
gdImageCropThreshold() from libgd:
* <https://github.com/libgd/libgd/commit/b347e034>
* <https://github.com/libgd/libgd/commit/46f2c690>
We make sure to never pass a negative `rlen` as size to memcpy().
Cf. <https://github.com/libgd/libgd/commit/53110871>.
The color components are supposed to be in range 0..255, so we must not
cast them to `signed char`, which can be the default for `char`.
Port of <https://github.com/libgd/libgd/commit/77c8d359>.
We must not permanently change the interpolation method, but rather
have to restore the old method after we're done with scaling the image.
We port the respective fixes <https://github.com/libgd/libgd/commit/eca37d620>
and <https://github.com/libgd/libgd/commit/837b7327> to our bundled libgd.
The recently introduced test_image_equals_file() doesn't properly work for
palette images, because in this case only the palette indexes are compared,
which can lead to false positives and negatives as shown in the added test.
To fix that we convert palette images to truecolor, which is supposed to be
faster than calling imagecolorsforindex() for each pixel.
We furthermore rely on PHP's refcounting to free unused images; after all,
this is not C.
We must not apply the format correction twice for truecolor images.
Obviously, there was a bad merge.