php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed GH-18243: imagettftext underflow/overflow on size argument.

Browse Source 
close GH-18245
This commit is contained in:
David Carlier
2025-04-04 06:55:59 +01:00
parent 821e3460fb
commit fe8dffef5d
3 changed files with 55 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -5,6 +5,8 @@ PHP NEWS
- GD:
. Fixed imagecrop() overflow with rect argument with x/width y/heigh usage
in gdImageCrop(). (David Carlier)
. Fixed GH-18243 imagettftext() overflow/underflow on font size value.
(David Carlier)
- OpenSSL:
. Fix memory leak in openssl_sign() when passing invalid algorithm.

11
ext/gd/gd.c
View File

@@ -3082,6 +3082,17 @@ static void php_imagettftext_common(INTERNAL_FUNCTION_PARAMETERS, int mode)
im = php_gd_libgdimageptr_from_zval_p(IM);
}
// FT_F26Dot6 is a signed long alias
if (ptsize < (double)LONG_MIN / 64 || ptsize > (double)LONG_MAX / 64) {
zend_argument_value_error(2, "must be between " ZEND_LONG_FMT " and " ZEND_LONG_FMT, (zend_long)((double)LONG_MIN / 64), (zend_long)((double)LONG_MAX / 64));
RETURN_THROWS();
}
if (UNEXPECTED(!zend_finite(ptsize))) {
zend_argument_value_error(2, "must be finite");
RETURN_THROWS();
}
/* convert angle to radians */
angle = angle * (M_PI/180);

42
ext/gd/tests/gh18243.phpt Normal file
View File

@@ -0,0 +1,42 @@
--TEST--
GH-18243: imagefttext underflow/overflow on $size
--EXTENSIONS--
gd
--SKIPIF--
<?php
if(!function_exists('imagettftext')) die('skip imagettftext() not available');
?>
--FILE--
<?php
$font = __DIR__.'/Rochester-Regular.otf';
$im = imagecreatetruecolor(100, 80);
try {
imagettftext($im, PHP_INT_MAX, 0, 15, 60, 0, $font, "");
} catch (\ValueError $e) {
echo $e->getMessage(), PHP_EOL;
}
try {
imagettftext($im, PHP_INT_MIN, 0, 15, 60, 0, $font, "");
} catch (\ValueError $e) {
echo $e->getMessage(), PHP_EOL;
}
try {
imagettftext($im, NAN, 0, 15, 60, 0, $font, "");
} catch (\ValueError $e) {
echo $e->getMessage(), PHP_EOL;
}
try {
imagettftext($im, INF, 0, 15, 60, 0, $font, "");
} catch (\ValueError $e) {
echo $e->getMessage();
}
?>
--EXPECTF--
imagettftext(): Argument #2 ($size) must be between %i and %d
imagettftext(): Argument #2 ($size) must be between %i and %d
imagettftext(): Argument #2 ($size) must be finite
imagettftext(): Argument #2 ($size) must be between %i and %d