From 15837bab8ce05ead227d654f0b7ed8f6a0a431d8 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Tue, 10 Jan 2017 19:31:33 +0100 Subject: [PATCH 1/5] Fix #73893: A hidden danger of death cycle in a function of gd We remove the unused, but potentially dangerous functions. --- NEWS | 3 + ext/gd/libgd/gd.h | 2 - ext/gd/libgd/gd_rotate.c | 215 --------------------------------------- 3 files changed, 3 insertions(+), 217 deletions(-) diff --git a/NEWS b/NEWS index 3a8919aece5..fb75b0017b9 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,9 @@ PHP NEWS . Fixed bug #73876 (Crash when exporting **= in expansion of assign op). (Sara) +- GD: + . Fixed bug #73893 (A hidden danger of death cycle in a function of gd). (cmb) + - FPM: . Fixed bug #67583 (double fastcgi_end_request on max_children limit). (Dmitry Saprykin) diff --git a/ext/gd/libgd/gd.h b/ext/gd/libgd/gd.h index 2eb4fd8e1cb..2a554a59000 100644 --- a/ext/gd/libgd/gd.h +++ b/ext/gd/libgd/gd.h @@ -693,8 +693,6 @@ void gdImageCopyResampled(gdImagePtr dst, gdImagePtr src, int dstX, int dstY, in gdImagePtr gdImageRotate90(gdImagePtr src, int ignoretransparent); gdImagePtr gdImageRotate180(gdImagePtr src, int ignoretransparent); gdImagePtr gdImageRotate270(gdImagePtr src, int ignoretransparent); -gdImagePtr gdImageRotate45(gdImagePtr src, double dAngle, int clrBack, int ignoretransparent); -gdImagePtr gdImageRotate (gdImagePtr src, double dAngle, int clrBack, int ignoretransparent); gdImagePtr gdImageRotateInterpolated(const gdImagePtr src, const float angle, int bgcolor); void gdImageSetBrush(gdImagePtr im, gdImagePtr brush); diff --git a/ext/gd/libgd/gd_rotate.c b/ext/gd/libgd/gd_rotate.c index e94809ae770..3ec0b5bff2d 100644 --- a/ext/gd/libgd/gd_rotate.c +++ b/ext/gd/libgd/gd_rotate.c @@ -343,218 +343,3 @@ gdImagePtr gdImageRotate270 (gdImagePtr src, int ignoretransparent) return dst; } - -gdImagePtr gdImageRotate45 (gdImagePtr src, double dAngle, int clrBack, int ignoretransparent) -{ - typedef int (*FuncPtr)(gdImagePtr, int, int); - gdImagePtr dst1,dst2,dst3; - FuncPtr f; - double dRadAngle, dSinE, dTan, dShear; - double dOffset; /* Variable skew offset */ - int u, iShear, newx, newy; - int clrBackR, clrBackG, clrBackB, clrBackA; - - /* See GEMS I for the algorithm details */ - dRadAngle = dAngle * ROTATE_DEG2RAD; /* Angle in radians */ - dSinE = sin (dRadAngle); - dTan = tan (dRadAngle / 2.0); - - newx = (int)(src->sx + src->sy * fabs(dTan)); - newy = src->sy; - - /* 1st shear */ - if (src->trueColor) { - f = gdImageGetTrueColorPixel; - } else { - f = gdImageGetPixel; - } - - dst1 = gdImageCreateTrueColor(newx, newy); - /******* Perform 1st shear (horizontal) ******/ - if (dst1 == NULL) { - return NULL; - } -#ifdef HAVE_GD_BUNDLED - dst1->alphaBlendingFlag = gdEffectReplace; -#else - gdImageAlphaBlending(dst1, 0); -#endif - if (dAngle == 0.0) { - /* Returns copy of src */ - gdImageCopy (dst1, src,0,0,0,0,src->sx,src->sy); - return dst1; - } - - gdImagePaletteCopy (dst1, src); - - if (ignoretransparent) { - if (gdImageTrueColor(src)) { - dst1->transparent = src->transparent; - } else { - - dst1->transparent = gdTrueColorAlpha(gdImageRed(src, src->transparent), gdImageBlue(src, src->transparent), gdImageGreen(src, src->transparent), 127); - } - } - - dRadAngle = dAngle * ROTATE_DEG2RAD; /* Angle in radians */ - dSinE = sin (dRadAngle); - dTan = tan (dRadAngle / 2.0); - - for (u = 0; u < dst1->sy; u++) { - if (dTan >= 0.0) { - dShear = ((double)(u + 0.5)) * dTan; - } else { - dShear = ((double)(u - dst1->sy) + 0.5) * dTan; - } - - iShear = (int)floor(dShear); - gdImageSkewX(dst1, src, u, iShear, (dShear - iShear), clrBack, ignoretransparent); - } - - /* - The 1st shear may use the original clrBack as color index - Convert it once here - */ - if(!src->trueColor) { - clrBackR = gdImageRed(src, clrBack); - clrBackG = gdImageGreen(src, clrBack); - clrBackB = gdImageBlue(src, clrBack); - clrBackA = gdImageAlpha(src, clrBack); - clrBack = gdTrueColorAlpha(clrBackR, clrBackG, clrBackB, clrBackA); - } - /* 2nd shear */ - newx = dst1->sx; - - if (dSinE > 0.0) { - dOffset = (src->sx-1) * dSinE; - } else { - dOffset = -dSinE * (src->sx - newx); - } - - newy = (int) ((double) src->sx * fabs( dSinE ) + (double) src->sy * cos (dRadAngle))+1; - - if (src->trueColor) { - f = gdImageGetTrueColorPixel; - } else { - f = gdImageGetPixel; - } - dst2 = gdImageCreateTrueColor(newx, newy); - if (dst2 == NULL) { - gdImageDestroy(dst1); - return NULL; - } - -#ifdef HAVE_GD_BUNDLED - dst2->alphaBlendingFlag = gdEffectReplace; -#else - gdImageAlphaBlending(dst2, 0); -#endif - - if (ignoretransparent) { - dst2->transparent = dst1->transparent; - } - - for (u = 0; u < dst2->sx; u++, dOffset -= dSinE) { - iShear = (int)floor (dOffset); - gdImageSkewY(dst2, dst1, u, iShear, (dOffset - (double)iShear), clrBack, ignoretransparent); - } - - /* 3rd shear */ - gdImageDestroy(dst1); - - newx = (int) ((double)src->sy * fabs (dSinE) + (double)src->sx * cos (dRadAngle)) + 1; - newy = dst2->sy; - - if (src->trueColor) { - f = gdImageGetTrueColorPixel; - } else { - f = gdImageGetPixel; - } - dst3 = gdImageCreateTrueColor(newx, newy); - if (dst3 == NULL) { - gdImageDestroy(dst2); - return NULL; - } - -#ifdef HAVE_GD_BUNDLED - dst3->alphaBlendingFlag = gdEffectReplace; -#else - gdImageAlphaBlending(dst3, 0); -#endif - - if (ignoretransparent) { - dst3->transparent = dst2->transparent; - } - - if (dSinE >= 0.0) { - dOffset = (double)(src->sx - 1) * dSinE * -dTan; - } else { - dOffset = dTan * ((double)(src->sx - 1) * -dSinE + (double)(1 - newy)); - } - - for (u = 0; u < dst3->sy; u++, dOffset += dTan) { - int iShear = (int)floor(dOffset); - gdImageSkewX(dst3, dst2, u, iShear, (dOffset - iShear), clrBack, ignoretransparent); - } - - gdImageDestroy(dst2); - - return dst3; -} - -gdImagePtr gdImageRotate (gdImagePtr src, double dAngle, int clrBack, int ignoretransparent) -{ - gdImagePtr pMidImg; - gdImagePtr rotatedImg; - - if (src == NULL) { - return NULL; - } - - if (!gdImageTrueColor(src) && (clrBack < 0 || clrBack>=gdImageColorsTotal(src))) { - return NULL; - } - - while (dAngle >= 360.0) { - dAngle -= 360.0; - } - - while (dAngle < 0) { - dAngle += 360.0; - } - - if (dAngle == 90.00) { - return gdImageRotate90(src, ignoretransparent); - } - if (dAngle == 180.00) { - return gdImageRotate180(src, ignoretransparent); - } - if(dAngle == 270.00) { - return gdImageRotate270 (src, ignoretransparent); - } - - if ((dAngle > 45.0) && (dAngle <= 135.0)) { - pMidImg = gdImageRotate90 (src, ignoretransparent); - dAngle -= 90.0; - } else if ((dAngle > 135.0) && (dAngle <= 225.0)) { - pMidImg = gdImageRotate180 (src, ignoretransparent); - dAngle -= 180.0; - } else if ((dAngle > 225.0) && (dAngle <= 315.0)) { - pMidImg = gdImageRotate270 (src, ignoretransparent); - dAngle -= 270.0; - } else { - return gdImageRotate45 (src, dAngle, clrBack, ignoretransparent); - } - - if (pMidImg == NULL) { - return NULL; - } - - rotatedImg = gdImageRotate45 (pMidImg, dAngle, clrBack, ignoretransparent); - gdImageDestroy(pMidImg); - - return rotatedImg; -} -/* End Rotate function */ - - From ad9c552b120b8f73a5e87b2f8af05e32db512e9f Mon Sep 17 00:00:00 2001 From: Mitch Hagstrand Date: Tue, 10 Jan 2017 11:51:55 -0800 Subject: [PATCH 2/5] Fix glob-wrapper.phpt to not fail in Windows --- ext/standard/tests/streams/glob-wrapper.phpt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ext/standard/tests/streams/glob-wrapper.phpt b/ext/standard/tests/streams/glob-wrapper.phpt index fc47d83a023..0e4438fdcc6 100644 --- a/ext/standard/tests/streams/glob-wrapper.phpt +++ b/ext/standard/tests/streams/glob-wrapper.phpt @@ -23,13 +23,13 @@ foreach ( [ __DIR__, "glob://".__DIR__ ] as $spec) { --EXPECTF-- ** Opening %s -Warning: opendir(): open_basedir restriction in effect. File(/%s) is not within the allowed path(s): (/does_not_exist) in %s/glob-wrapper.php on line 5 +Warning: opendir(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (/does_not_exist) in %s%eglob-wrapper.php on line 5 -Warning: opendir(/%s): failed to open dir: Operation not permitted in %s/glob-wrapper.php on line 5 -Failed to open /%s +Warning: opendir(%s): failed to open dir: Operation not permitted in %s%eglob-wrapper.php on line 5 +Failed to open %s ** Opening glob://%s -Warning: opendir(): open_basedir restriction in effect. File(/%s) is not within the allowed path(s): (/does_not_exist) in %s/glob-wrapper.php on line 5 +Warning: opendir(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (/does_not_exist) in %s%eglob-wrapper.php on line 5 -Warning: opendir(glob://%s): failed to open dir: operation failed in %s/glob-wrapper.php on line 5 +Warning: opendir(glob://%s): failed to open dir: operation failed in %s%eglob-wrapper.php on line 5 Failed to open glob://%s From 07340553a562db2387c9995dce0c84dd9afba97e Mon Sep 17 00:00:00 2001 From: Arnout Boks Date: Tue, 10 Jan 2017 21:19:37 +0100 Subject: [PATCH 3/5] Fixed bug #61858 (DOMAttr debug info generates E_WARNING) It seems fair to remove this warning, given that: * it is not documented in the official documentation * the $specified property, which has a similar 'not implemented' status, also does not trigger a warning * it apparently hinders quite a lot of people during debugging, judging by the number of votes on the bug --- NEWS | 3 +++ ext/dom/attr.c | 2 +- ext/dom/tests/bug61858.phpt | 24 ++++++++++++++++++++++++ ext/dom/tests/dom_set_attr_node.phpt | 4 +--- 4 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 ext/dom/tests/bug61858.phpt diff --git a/NEWS b/NEWS index fb75b0017b9..a066036de76 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,9 @@ PHP NEWS . Fixed bug #73876 (Crash when exporting **= in expansion of assign op). (Sara) +- Dom: + . Fixed bug #61858 (DOMAttr debug info generates E_WARNING). (Arnout Boks) + - GD: . Fixed bug #73893 (A hidden danger of death cycle in a function of gd). (cmb) diff --git a/ext/dom/attr.c b/ext/dom/attr.c index 40a10f2f3d7..db700290042 100644 --- a/ext/dom/attr.c +++ b/ext/dom/attr.c @@ -213,7 +213,7 @@ Since: DOM Level 3 */ int dom_attr_schema_type_info_read(dom_object *obj, zval *retval) { - php_error_docref(NULL, E_WARNING, "Not yet implemented"); + /* TODO */ ZVAL_NULL(retval); return SUCCESS; } diff --git a/ext/dom/tests/bug61858.phpt b/ext/dom/tests/bug61858.phpt new file mode 100644 index 00000000000..ccdd0cd80c2 --- /dev/null +++ b/ext/dom/tests/bug61858.phpt @@ -0,0 +1,24 @@ +--TEST-- +Bug #61858 DOMAttr debug info generates E_WARNING +--SKIPIF-- + +--FILE-- +loadXML('Test'); + +$example = $doc->getElementsByTagName('example')->item(0); +$attr = $example->getAttributeNode('a'); + +var_dump($attr); +print_r($attr); +--EXPECTF-- +object(DOMAttr)#%d (%d) { +%A +} +DOMAttr Object +( +%A +) diff --git a/ext/dom/tests/dom_set_attr_node.phpt b/ext/dom/tests/dom_set_attr_node.phpt index a426a6f3f89..18c697710a5 100644 --- a/ext/dom/tests/dom_set_attr_node.phpt +++ b/ext/dom/tests/dom_set_attr_node.phpt @@ -61,9 +61,7 @@ object(DOMException)#%d (7) { ["args"]=> array(1) { [0]=> - -Warning: var_dump(): %s -DOMAttr + DOMAttr } } } From 13edec75a32f8de674a9e0d5b295f9b872212343 Mon Sep 17 00:00:00 2001 From: Arnout Boks Date: Tue, 10 Jan 2017 20:48:45 +0100 Subject: [PATCH 4/5] Fixed #73907 (nextSibling property not included in var_dump of DOMNode) --- NEWS | 2 ++ ext/dom/node.c | 3 ++- ext/dom/tests/bug69846.phpt | 12 +++++++++--- ext/dom/tests/bug73907.phpt | 20 ++++++++++++++++++++ ext/dom/tests/domobject_debug_handler.phpt | 1 + 5 files changed, 34 insertions(+), 4 deletions(-) create mode 100644 ext/dom/tests/bug73907.phpt diff --git a/NEWS b/NEWS index a066036de76..d9be2844187 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,8 @@ PHP NEWS - Dom: . Fixed bug #61858 (DOMAttr debug info generates E_WARNING). (Arnout Boks) + . Fixed bug #73907 (nextSibling property not included in var_dump of DOMNode). + (Arnout Boks) - GD: . Fixed bug #73893 (A hidden danger of death cycle in a function of gd). (cmb) diff --git a/ext/dom/node.c b/ext/dom/node.c index 913029445b1..82879da3b5f 100644 --- a/ext/dom/node.c +++ b/ext/dom/node.c @@ -549,7 +549,8 @@ int dom_node_next_sibling_read(dom_object *obj, zval *retval) nextsib = nodep->next; if (!nextsib) { - return FAILURE; + ZVAL_NULL(retval); + return SUCCESS; } php_dom_create_object(nextsib, retval, obj); diff --git a/ext/dom/tests/bug69846.phpt b/ext/dom/tests/bug69846.phpt index 08e35cdcf6b..2e8e05aa2c5 100644 --- a/ext/dom/tests/bug69846.phpt +++ b/ext/dom/tests/bug69846.phpt @@ -31,7 +31,7 @@ foreach ($dataNodes AS $node) { ===DONE=== --EXPECTF-- int(3) -object(DOMText)#%d (18) { +object(DOMText)#%d (19) { ["wholeText"]=> string(3) " " @@ -57,6 +57,8 @@ object(DOMText)#%d (18) { NULL ["previousSibling"]=> NULL + ["nextSibling"]=> + NULL ["attributes"]=> NULL ["ownerDocument"]=> @@ -73,7 +75,7 @@ object(DOMText)#%d (18) { string(3) " " } -object(DOMElement)#%d (17) { +object(DOMElement)#%d (18) { ["tagName"]=> string(5) "form1" ["schemaTypeInfo"]=> @@ -98,6 +100,8 @@ object(DOMElement)#%d (17) { string(22) "(object value omitted)" ["previousSibling"]=> NULL + ["nextSibling"]=> + NULL ["attributes"]=> string(22) "(object value omitted)" ["ownerDocument"]=> @@ -117,7 +121,7 @@ object(DOMElement)#%d (17) { Value C " } -object(DOMText)#%d (18) { +object(DOMText)#%d (19) { ["wholeText"]=> string(1) " " @@ -143,6 +147,8 @@ object(DOMText)#%d (18) { NULL ["previousSibling"]=> NULL + ["nextSibling"]=> + NULL ["attributes"]=> NULL ["ownerDocument"]=> diff --git a/ext/dom/tests/bug73907.phpt b/ext/dom/tests/bug73907.phpt new file mode 100644 index 00000000000..346d8135bb1 --- /dev/null +++ b/ext/dom/tests/bug73907.phpt @@ -0,0 +1,20 @@ +--TEST-- +Bug #73907 nextSibling property not included in var_dump of DOMNode +--SKIPIF-- + +--FILE-- + + +'; + +$doc = new DOMDocument(); +$doc->loadXML($xmlString); +$attr = $doc->documentElement; + +var_dump($attr); +--EXPECTF-- +object(DOMElement)#%d (%d) {%A + ["nextSibling"]=> + NULL +%A} \ No newline at end of file diff --git a/ext/dom/tests/domobject_debug_handler.phpt b/ext/dom/tests/domobject_debug_handler.phpt index 3c9f1335484..57d4a66ebb4 100644 --- a/ext/dom/tests/domobject_debug_handler.phpt +++ b/ext/dom/tests/domobject_debug_handler.phpt @@ -47,6 +47,7 @@ DOMDocument Object [firstChild] => (object value omitted) [lastChild] => (object value omitted) [previousSibling] => + [nextSibling] => [attributes] => [ownerDocument] => [namespaceURI] => From d9cd2876d97d79029a980e7c89aa441fd46a4bf2 Mon Sep 17 00:00:00 2001 From: Robrecht Plaisier Date: Fri, 14 Aug 2015 19:16:09 +0000 Subject: [PATCH 5/5] Fixed bug #67707 IV not needed for ECB encryption mode, but it returns a warning --- NEWS | 4 ++++ ext/mcrypt/mcrypt.c | 4 +++- ext/mcrypt/tests/bug67707.phpt | 10 ++++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 ext/mcrypt/tests/bug67707.phpt diff --git a/NEWS b/NEWS index d9be2844187..7e0d1ac4325 100644 --- a/NEWS +++ b/NEWS @@ -18,6 +18,10 @@ PHP NEWS . Fixed bug #67583 (double fastcgi_end_request on max_children limit). (Dmitry Saprykin) +- MCrypt: + . Fixed bug #67707 (IV not needed for ECB encryption mode, but it returns a + warning). (Robrecht Plaisier) + - OpenSSL: . Fixed bug #71519 (add serial hex to return value array). (xrobau) diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c index b3f681654b2..c589b40fab5 100644 --- a/ext/mcrypt/mcrypt.c +++ b/ext/mcrypt/mcrypt.c @@ -572,7 +572,9 @@ PHP_FUNCTION(mcrypt_generic_init) memcpy(key_s, key, key_len); if (iv_len != iv_size) { - php_error_docref(NULL, E_WARNING, "Iv size incorrect; supplied length: %zd, needed: %d", iv_len, iv_size); + if (mcrypt_enc_mode_has_iv(pm->td)) { + php_error_docref(NULL, E_WARNING, "Iv size incorrect; supplied length: %zd, needed: %d", iv_len, iv_size); + } if (iv_len > iv_size) { iv_len = iv_size; } diff --git a/ext/mcrypt/tests/bug67707.phpt b/ext/mcrypt/tests/bug67707.phpt new file mode 100644 index 00000000000..9ba13ab0acd --- /dev/null +++ b/ext/mcrypt/tests/bug67707.phpt @@ -0,0 +1,10 @@ +--TEST-- +Bug #67707 IV not needed for ECB encryption mode, but it returns a warning +--SKIPIF-- + +--FILE-- + +--EXPECTF--