Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unexpected value in ext/gd/libgd/gd_interpolation.c:2443 #16322

Closed
YuanchengJiang opened this issue Oct 9, 2024 · 2 comments
Closed

Unexpected value in ext/gd/libgd/gd_interpolation.c:2443 #16322

YuanchengJiang opened this issue Oct 9, 2024 · 2 comments
Assignees
@devnexen
Labels
Bug Extension: gd Status: Verified

Comments

@YuanchengJiang
Copy link

Description

The following code:

<?php
$matrix = [PHP_INT_MAX, 1, 1, 1, 1, 1];
$src = imagecreatetruecolor(8, 8);
var_dump(imageaffine($src, $matrix));

Resulted in this output:

/php-src/ext/gd/libgd/gd_interpolation.c:2443:17: runtime error: 7.3787e+19 is outside the range of representable values of type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /php-src/ext/gd/libgd/gd_interpolation.c:2443:17 in

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04
@cmb69
Copy link
Member

cmb69 commented Oct 9, 2024

There has been a recent change to gd_interpolation.c, so I think this now about:

php-src/ext/gd/libgd/gd_interpolation.c

Line 2461 in f2fbb75

bbox->width = (int) floor(max.x - min.x) - 1;

An option might be to clamp the value to fit into int, but the result should be checked. Maybe we just need to reject very large (and very small) values for the affine matrix components.

Upstream libgd might have the same issue:

https://github.com/libgd/libgd/blob/6e42ee80eb3bcf840c9fc03c6adc0550c1e02c63/src/gd_interpolation.c#L2205C2-L2205C45

Likely not relevant to this issue, but still something we may want to backport is libgd/libgd@b30fdbf; however, there was a follow up (libgd/libgd@3f50ffa) which changed that again.

@devnexen devnexen self-assigned this Oct 9, 2024
devnexen added a commit to devnexen/php-src that referenced this issue Oct 9, 2024
@devnexen
Fix phpGH-16322: imageaffine overflow on affine argument.
f341646
devnexen added a commit that referenced this issue Oct 9, 2024
@devnexen
Revert "Fix GH-16322: overflow on imageaffine matrix argument."
93a2fe8 
This reverts commit 0511426.
@cmb69 cmb69 closed this as completed in 0511426 Oct 9, 2024
cmb69 added a commit that referenced this issue Oct 9, 2024
@cmb69
Revert "Fix GH-16322: overflow on imageaffine matrix argument."
9b64d32 
This reverts commit 0511426, since it
apparently has been pushed inadvertently (see PR #16334).
cmb69 added a commit that referenced this issue Oct 9, 2024
@cmb69
Merge branch 'PHP-8.2' into PHP-8.3
3599b80 
* PHP-8.2:
  Revert "Fix GH-16322: overflow on imageaffine matrix argument."
  Fix GH-16322: overflow on imageaffine matrix argument.
cmb69 added a commit that referenced this issue Oct 9, 2024
@cmb69
Merge branch 'PHP-8.3' into PHP-8.4
07f1b5a 
* PHP-8.3:
  Revert "Fix GH-16322: overflow on imageaffine matrix argument."
  Fix GH-16322: overflow on imageaffine matrix argument.
cmb69 added a commit that referenced this issue Oct 9, 2024
@cmb69
Merge branch 'PHP-8.4'
f77c4c0 
* PHP-8.4:
  Revert "Fix GH-16322: overflow on imageaffine matrix argument."
  Fix GH-16322: overflow on imageaffine matrix argument.
cmb69 added a commit that referenced this issue Oct 9, 2024
@cmb69
Merge branch 'PHP-8.2' into PHP-8.3
b36170f 
* PHP-8.2:
  Revert "Fix GH-16322: overflow on imageaffine matrix argument."
cmb69 added a commit that referenced this issue Oct 9, 2024
@cmb69
Merge branch 'PHP-8.3' into PHP-8.4
7bf3f70 
* PHP-8.3:
  Revert "Fix GH-16322: overflow on imageaffine matrix argument."
cmb69 added a commit that referenced this issue Oct 9, 2024
@cmb69
Merge branch 'PHP-8.4'
b63e161 
* PHP-8.4:
  Revert "Fix GH-16322: overflow on imageaffine matrix argument."
@cmb69 cmb69 reopened this Oct 10, 2024
@cmb69
Copy link
Member

cmb69 commented Oct 10, 2024

This ticket has been closed accidentially.

devnexen added a commit to devnexen/php-src that referenced this issue Oct 10, 2024
@devnexen
Fix phpGH-16322: imageaffine overflow on affine argument.
7590da5
devnexen added a commit to devnexen/php-src that referenced this issue Oct 10, 2024
@devnexen
Fix phpGH-16322: imageaffine overflow on affine argument.
1bcfc83
@cmb69 cmb69 linked a pull request Oct 10, 2024 that will close this issue
Fix GH-16322: imageaffine overflow on affine argument. #16334
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@devnexen devnexen

Labels
Bug Extension: gd Status: Verified
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix GH-16322: imageaffine overflow on affine argument. devnexen/php-src
3 participants
@cmb69 @devnexen @YuanchengJiang