Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix GH-16322: imageaffine overflow on affine argument. #16334

Closed
wants to merge 2 commits into from
Closed

Fix GH-16322: imageaffine overflow on affine argument. #16334

wants to merge 2 commits into from

Conversation

devnexen
Copy link
Member

@devnexen devnexen commented Oct 9, 2024

No description provided.

cmb69 added a commit that referenced this pull request Oct 9, 2024
@cmb69
Revert "Fix GH-16322: overflow on imageaffine matrix argument."
9b64d32 
This reverts commit 0511426, since it
apparently has been pushed inadvertently (see PR #16334).
@devnexen devnexen force-pushed the gh16322 branch 2 times, most recently from bc91602 to 2a070dc Compare October 9, 2024 23:37
@devnexen devnexen marked this pull request as ready for review October 9, 2024 23:54
cmb69
cmb69 reviewed Oct 10, 2024
View reviewed changes
ext/gd/gd.c Outdated
break;
case IS_DOUBLE:
affine[i] = Z_DVAL_P(zval_affine_elem);
if (ZEND_LONG_EXCEEDS_INT(affine[i])) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this will work on 32bit platforms, since ZEND_LONG_EXCEEDS_INT() is a no-op there, but users can pass a matrix like [9223372036854775807., 1, 1, 1, 1, 1]. Same for the IS_STRING case below.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you re right I always forget.

@cmb69 cmb69 linked an issue Oct 10, 2024 that may be closed by this pull request
Unexpected value in ext/gd/libgd/gd_interpolation.c:2443 #16322
Closed
cmb69
cmb69 approved these changes Oct 11, 2024
View reviewed changes
Copy link
Member

@cmb69 cmb69 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Looks generally good to me, and I don't see any particular issues with constraining the range of the matrix elements.

ext/gd/gd.c
@@ -3687,13 +3687,25 @@ PHP_FUNCTION(imageaffine)
if ((zval_affine_elem = zend_hash_index_find(Z_ARRVAL_P(z_affine), i)) != NULL) {
switch (Z_TYPE_P(zval_affine_elem)) {
case IS_LONG:
affine[i] = Z_LVAL_P(zval_affine_elem);
affine[i] = Z_LVAL_P(zval_affine_elem);
if (affine[i] < INT_MIN || affine[i] > INT_MAX) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This guard could use ZEND_LONG_EXCEEDS_INT(), but for consistency it maybe better this way (and the compiler will optimize away anyway).

ext/gd/tests/gh16322.phpt Outdated
--INI--
memory_limit=-1
--SKIPIF--
<?php if (PHP_INT_SIZE != 8) die('skip this test is for 64bit platforms only'); ?>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test could make sense on 32bit platforms, too, if instead of PHP_INT_MIN and PHP_INT_MAX doubles would be used.

@devnexen devnexen closed this in f2859a4 Oct 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cmb69 cmb69 cmb69 approved these changes

Assignees
No one assigned
Labels
Extension: gd
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unexpected value in ext/gd/libgd/gd_interpolation.c:2443
2 participants
@devnexen @cmb69