Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A bug with imagerotate() using an angle -27, -90, 90 and 180 #2104

Closed
wants to merge 222 commits into from

Conversation

mohamedaymenkarmous
Copy link

@mohamedaymenkarmous mohamedaymenkarmous commented Aug 30, 2016

Hi, I'm using "4.0.0-kali1-amd64 #1 SMP Debian" with a php version "PHP 5.6.24-0+deb8u1 (cli) (built: Jul 26 2016 08:17:07)"
This is the full php file that I'm using

<?php
$im = imagecreatetruecolor(555, 200);
imagesavealpha($im, true);
$trans_colour = imagecolorallocatealpha($im, 0, 0, 0, 127);
imagefill($im, 0, 0, $trans_colour);

$im=imagerotate($im, -27, $trans_colour);

imagepng($im,"image.png");
imagedestroy($im);
?>

$im=imagerotate($im, -27, $trans_colour);
If I use an angle different to -27 like -28, I get a transparent png image rotated by this angle with a dimensions resized from 555x200 to 584x437 because of the rotation and this is logical.
But, only with the angle -27 in imagerotate() will get a black image with a dimensions inversed from 555x200 to 200x555.
It's like the angle changes from -27 to -90 or 90
Another problem, when the angle is -90 or 90 or 180 the image will loose the transparency and will be black.
So those two problems are caused by the same thing.
I don't know if there is other angles having this problem.
PS: If this bug is fixed, it will be applied to the php if we upgrade it ? because php is installed with apt-get not with git clone
Thanks

smalyshev and others added 30 commits June 26, 2016 18:02
* pull-request/1982:
  Update PHP 5.5 NEWS entries with CVE info
The SQL Server Native Client 11.0 and maybe other ODBC drivers report
NVARCHAR(MAX) columns as SQL_WVARCHAR with size 0. This causes too small a
buffer to be emalloc'd, likely causing a segfault in the following. As we don't
know the real size of the column data, we treat such colums as
SQL_WLONGVARCHAR.

The related bug #67437 suggests that some drivers report a size of ~4GB. It is
not certain that this is really the case (there might be some integer overflow
involved, and anyway, there has been no feedback), so we do not cater for this
now. However, it would not be hard to treat all sizes above a certain threshold
in a similar way, i.e. as SQL_WLONGVARCHAR.

(cherry picked from commit 16db4d1)
(cherry picked from commit 344ff5d)
The following changes are made:
- _SERVER/_ENV only has HTTP_PROXY if the local environment has it,
  and only one from the environment.
- getenv('HTTP_PROXY') only returns one from the local environment
- getenv has optional second parameter, telling it to only consider
  local environment
All existing systems zero anonymously mmapped memory, and if I
understand correctly POSIX will be specifying this soon. Many projects
already rely on it, so no reasonable system would return memory of
unspecified value.
directive

Trying to start PHP-FPM with the --allow-to-run-as-root flag will not
work when the user directive is not given in the FPM worker pool
configuration. Parsing the config will fail. Consequently, FPM cannot
start.

The check is in place to prevent FPM from getting started with root
privileges by accident. Prior to #61295 the check would also prevent
any non-root user to start PHP-FPM without a user directive present.

This patch adds an additional check to the config parser, checking for
the --allow-to-run-as-root flag to be present. If so, parsing will no
longer abort for root users even if the user directive is missing.

I will also update the PHP docs since they still state the user
directive is a mandatory setting which it is not since #61295.
… flag indicating presence of PDO::PARAM_INPUT_OUTPUT.
Tyrael and others added 28 commits August 18, 2016 13:01
To avoid that the test stalls, we must always use `t` mode.
To be able to build the dba extension on Windows, libdb was required. This
is contrary to *nix where each handler can be configured individually. To
avoid BC breaks, we only do minimal modifications, instead of adjusting the
Windows configuration to match the *nix configuration, for now.
This reverts commit ad76e8a.

After a discussion with Anatol it seems to be better QA wise to not make
this change in stable versions or betas.
The issue is caused by an integer overflow when the `long` passed as
XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffset` which is
declared as `int`. We can simply work around this issue, by clipping
resulting negative values to 0 (and raising a notice in this case), because
the reasonable range for this value is certainly catered to by positive
`int`s.

However, there still remains the issue that `xml_parser::toffset` is later
added to `char *`s, which can cause OOB reads, so we make sure that the
upper bound never exceeds the strlen(). We eschew optimizing `SKIP_TAGSTART`
wrt. to the potentially duplicate strlen() call, because that code path is
unexpected anyway.
According to the Unicode specification (at least as of 5.1), CRLF sequences
are considered to be a single grapheme. We cater to that special case by
letting grapheme_ascii_check() fail. While it would be trivial to fix
grapheme_ascii_check() wrt. grapheme_strlen(), grapheme_substr() and
grapheme_strrpos() would be much harder to handle, so we accept the slight
performance penalty if CRLF is involved.
* 'PHP-5.6' of git.php.net:/php-src:
  Improvements to fix #72714, suggested by nikic
  Fix #65732: grapheme_*() is not Unicode compliant on CR LF sequence
  Fix #72714: _xml_startElementHandler() segmentation fault
  update NEWS
  Fixed bug #72852 imap_mail null dereference
  Revert "Fix dba configuration for Windows"
  Fix dba configuration for Windows
  Fix broken test include
  fix NEWS
  Add myself as PDO_OCI maintainer
…ages

The proper code to handle true-color to palette copies is already contained
in gdImageCopy(), so we can simply remove the buggy duplicated code.
We properly clean up after ourselves wrt. to closing opened file pointers
and created images.
We're backporting commit 9e309a2 to PHP-5.6, because it is a bugfix.
If we have the position already from the last fetch, we also have to preset
the current group, because it won't be read again.
+ signs in the browscap patterns are meant to be literal characters, so we
have to escape them for the regex matching.
Added LSPHPRC support.
update LiteSpeed SAPI version to 6.10 .
We must not pass negative sizes to a size_t parameter.
`from` and `len` are `long`, but get passed to mbfl_substr() which expects
`int`s. Therefore we clamp the values to avoid the undefined conversion
behavior.
@nikic
Copy link
Member

nikic commented Aug 30, 2016

Bugs should be reported on https://bugs.php.net.

@nikic nikic closed this Aug 30, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.