-
Notifications
You must be signed in to change notification settings - Fork 7.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A bug with imagerotate() using an angle -27, -90, 90 and 180 #2104
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(cherry picked from commit 629e4da)
* pull-request/1982: Update PHP 5.5 NEWS entries with CVE info
The SQL Server Native Client 11.0 and maybe other ODBC drivers report NVARCHAR(MAX) columns as SQL_WVARCHAR with size 0. This causes too small a buffer to be emalloc'd, likely causing a segfault in the following. As we don't know the real size of the column data, we treat such colums as SQL_WLONGVARCHAR. The related bug #67437 suggests that some drivers report a size of ~4GB. It is not certain that this is really the case (there might be some integer overflow involved, and anyway, there has been no feedback), so we do not cater for this now. However, it would not be hard to treat all sizes above a certain threshold in a similar way, i.e. as SQL_WLONGVARCHAR. (cherry picked from commit 16db4d1) (cherry picked from commit 344ff5d)
The following changes are made: - _SERVER/_ENV only has HTTP_PROXY if the local environment has it, and only one from the environment. - getenv('HTTP_PROXY') only returns one from the local environment - getenv has optional second parameter, telling it to only consider local environment
All existing systems zero anonymously mmapped memory, and if I understand correctly POSIX will be specifying this soon. Many projects already rely on it, so no reasonable system would return memory of unspecified value.
directive Trying to start PHP-FPM with the --allow-to-run-as-root flag will not work when the user directive is not given in the FPM worker pool configuration. Parsing the config will fail. Consequently, FPM cannot start. The check is in place to prevent FPM from getting started with root privileges by accident. Prior to #61295 the check would also prevent any non-root user to start PHP-FPM without a user directive present. This patch adds an additional check to the config parser, checking for the --allow-to-run-as-root flag to be present. If so, parsing will no longer abort for root users even if the user directive is missing. I will also update the PHP docs since they still state the user directive is a mandatory setting which it is not since #61295.
… flag indicating presence of PDO::PARAM_INPUT_OUTPUT.
To avoid that the test stalls, we must always use `t` mode.
To be able to build the dba extension on Windows, libdb was required. This is contrary to *nix where each handler can be configured individually. To avoid BC breaks, we only do minimal modifications, instead of adjusting the Windows configuration to match the *nix configuration, for now.
This reverts commit ad76e8a. After a discussion with Anatol it seems to be better QA wise to not make this change in stable versions or betas.
The issue is caused by an integer overflow when the `long` passed as XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffset` which is declared as `int`. We can simply work around this issue, by clipping resulting negative values to 0 (and raising a notice in this case), because the reasonable range for this value is certainly catered to by positive `int`s. However, there still remains the issue that `xml_parser::toffset` is later added to `char *`s, which can cause OOB reads, so we make sure that the upper bound never exceeds the strlen(). We eschew optimizing `SKIP_TAGSTART` wrt. to the potentially duplicate strlen() call, because that code path is unexpected anyway.
According to the Unicode specification (at least as of 5.1), CRLF sequences are considered to be a single grapheme. We cater to that special case by letting grapheme_ascii_check() fail. While it would be trivial to fix grapheme_ascii_check() wrt. grapheme_strlen(), grapheme_substr() and grapheme_strrpos() would be much harder to handle, so we accept the slight performance penalty if CRLF is involved.
…_buffer (zend_gc.c:260))
* 'PHP-5.6' of git.php.net:/php-src: Improvements to fix #72714, suggested by nikic Fix #65732: grapheme_*() is not Unicode compliant on CR LF sequence Fix #72714: _xml_startElementHandler() segmentation fault update NEWS Fixed bug #72852 imap_mail null dereference Revert "Fix dba configuration for Windows" Fix dba configuration for Windows Fix broken test include fix NEWS Add myself as PDO_OCI maintainer
… images We must not copy transparent pixels, see <libgd/libgd@daac285c>.
…ages The proper code to handle true-color to palette copies is already contained in gdImageCopy(), so we can simply remove the buggy duplicated code.
We properly clean up after ourselves wrt. to closing opened file pointers and created images.
We're backporting commit 9e309a2 to PHP-5.6, because it is a bugfix.
If we have the position already from the last fetch, we also have to preset the current group, because it won't be read again.
+ signs in the browscap patterns are meant to be literal characters, so we have to escape them for the regex matching.
Added LSPHPRC support. update LiteSpeed SAPI version to 6.10 .
…ed by password_verify
We must not pass negative sizes to a size_t parameter.
`from` and `len` are `long`, but get passed to mbfl_substr() which expects `int`s. Therefore we clamp the values to avoid the undefined conversion behavior.
Bugs should be reported on https://bugs.php.net. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi, I'm using "4.0.0-kali1-amd64 #1 SMP Debian" with a php version "PHP 5.6.24-0+deb8u1 (cli) (built: Jul 26 2016 08:17:07)"
This is the full php file that I'm using
$im=imagerotate($im, -27, $trans_colour);
If I use an angle different to -27 like -28, I get a transparent png image rotated by this angle with a dimensions resized from 555x200 to 584x437 because of the rotation and this is logical.
But, only with the angle -27 in imagerotate() will get a black image with a dimensions inversed from 555x200 to 200x555.
It's like the angle changes from -27 to -90 or 90
Another problem, when the angle is -90 or 90 or 180 the image will loose the transparency and will be black.
So those two problems are caused by the same thing.
I don't know if there is other angles having this problem.
PS: If this bug is fixed, it will be applied to the php if we upgrade it ? because php is installed with apt-get not with git clone
Thanks