We add PHP bindings for libgd's features to read TGA files, which are
available as of libgd 2.1.0.
As PHP's bundled libgd doesn't yet include the respective features of the
external libgd, we add these.
Since TGA has no easily recognizable file signature, we don't add TGA
support for imagecreatefromstring() or getimagesize() and friends.
These tests actually check that no file with a name containing a NUL is
created by the GD image output functions. This is superfluous, since
it is sufficient to check that the function failed, and that an
appropriate warning has been raised.
We also add missing nullbyte injection tests.
This filter is available as of libgd 2.1.0 which is our bare minimum for
external compilation of ext/gd.
The scatter filter works by iterating over all pixels in the image and
shifting them randomly based on two modifier (`plus` and `sub`) values:
dest_x = (int)(x + ((rand() % (plus - sub)) + sub));
dest_y = (int)(y + ((rand() % (plus - sub)) + sub));
Additionally the scatter filter also supports by only shifting pixels where
the current pixel being iterated is one or more colors, allowing the scatter
filter to only effect solid colors in part of an image.
Note, due to the nature of randomness and implementation, pixels who were
shifted ahead of iteration will be shifted once more and therefore the
bottom right of an image may contain a slight scatter effect due to this.
Firstly, we must not call `gdImageSetAntiAliased()` (which sets the
color to anti-alias), but rather modify the `gdImage.AA` flag.
Furthermore, we have to actually use the supplied boolean value.
We also make sure that we don't attempt to enable anti-aliasing for
palette images.
The fix for PHP bug 43828[1] changed the algorithm from drawing filled
pies from drawing multiple triangles to drawing a single polygon. Due
to quirks of the filled polygon drawing algorithm, we had to filter out
extraneous vertices. This lead, however, to a bug regarding displaced
starting and ending points near 90° and 270° degrees, which we fix by
reinserting these vertices if they had been removed.
This fix is a port of libgd/libgd@1406b1a.
[1] <https://bugs.php.net/bug.php?id=43828>
`_gdScaleHoriz()` and `_gdScaleVert()` may fail, but don't signal
failure since they are void functions. We change that according to
upstream libgd.
We also remove the unused `Scale()` function, which doesn't exist in
upstream libgd either, right away.
* PHP-7.3:
Fix#77367: Negative size parameter in mb_split
Fix#77369 - memcpy with negative length via crafted DNS response
Fix more issues with encodilng length
Fix#77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix#77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
* PHP-7.2:
Fix#77369 - memcpy with negative length via crafted DNS response
Fix more issues with encodilng length
Fix#77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix#77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
* PHP-7.1:
Fix#77369 - memcpy with negative length via crafted DNS response
Fix more issues with encodilng length
Fix#77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix#77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
At least some of the image reading functions may return images which
use color indexes greater than or equal to im->colorsTotal. We cater
to this by always using a buffer size which is sufficient for
`gdMaxColors` in `gdImageColorMatch()`.
Christoph M. Becker