Commit 93865a4

committed

Fix GH-19578: imagefilledellipse underflow on width argument.

1 parent 2f16221 commit 93865a4Copy full SHA for 93865a4

File tree

+56

-0

lines changed

+56

-0

lines changed

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,10 @@ PHP NEWS`
`29`	`29`	`- FPM:`
`30`	`30`	`. Fixed failed debug assertion when php_admin_value setting fails. (ilutov)`
`31`	`31`
	`32`	`+- GD:`
	`33`	`+ . Fixed bug GH-19579 (imagefilledellipse underflow on width argument).`
	`34`	`+ (David Carlier)`
	`35`	`+`
`32`	`36`	`- OpenSSL:`
`33`	`37`	`. Fixed bug GH-19245 (Success error message on TLS stream accept failure).`
`34`	`38`	`(Jakub Zelenka)`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -832,6 +832,11 @@ PHP_FUNCTION(imagefilledellipse)`
`832`	`832`	`RETURN_THROWS();`
`833`	`833`	`}`
`834`	`834`
	`835`	`+ if (w < 0 \|\| ZEND_LONG_INT_OVFL(w)) {`
	`836`	`+ zend_argument_value_error(4, "must be between 0 and %d", INT_MAX);`
	`837`	`+ RETURN_THROWS();`
	`838`	`+ }`
	`839`	`+`
`835`	`840`	`im = php_gd_libgdimageptr_from_zval_p(IM);`
`836`	`841`
`837`	`842`	`gdImageFilledEllipse(im, cx, cy, w, h, color);`

Lines changed: 27 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,27 @@`
	`1`	`+--TEST--`
	`2`	`+GH-19578: imagefilledellipse underflow on width argument`
	`3`	`+--EXTENSIONS--`
	`4`	`+gd`
	`5`	`+--SKIPIF--`
	`6`	`+<?php`
	`7`	`+if (PHP_INT_SIZE != 8) die('skip this test is for 64bit platforms only');`
	`8`	`+?>`
	`9`	`+--FILE--`
	`10`	`+<?php`
	`11`	`+$src = imagecreatetruecolor(255, 255);`
	`12`	`+`
	`13`	`+try {`
	`14`	`+ imagefilledellipse($src, 0, 0, PHP_INT_MAX, 254, 0);`
	`15`	`+} catch (\ValueError $e) {`
	`16`	`+ echo $e->getMessage(), PHP_EOL;`
	`17`	`+}`
	`18`	`+`
	`19`	`+try {`
	`20`	`+ imagefilledellipse($src, 0, 0, -16, 254, 0);`
	`21`	`+} catch (\ValueError $e) {`
	`22`	`+ echo $e->getMessage();`
	`23`	`+}`
	`24`	`+?>`
	`25`	`+--EXPECTF--`
	`26`	`+imagefilledellipse(): Argument #4 ($width) must be between 0 and %d`
	`27`	`+imagefilledellipse(): Argument #4 ($width) must be between 0 and %d`

Lines changed: 20 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,20 @@`
	`1`	`+--TEST--`
	`2`	`+GH-19578: imagefilledellipse underflow on width argument`
	`3`	`+--EXTENSIONS--`
	`4`	`+gd`
	`5`	`+--SKIPIF--`
	`6`	`+<?php`
	`7`	`+if (PHP_INT_SIZE != 4) die('skip this test is for 32bit platforms only');`
	`8`	`+?>`
	`9`	`+--FILE--`
	`10`	`+<?php`
	`11`	`+$src = imagecreatetruecolor(255, 255);`
	`12`	`+`
	`13`	`+try {`
	`14`	`+ imagefilledellipse($src, 0, 0, -16, 254, 0);`
	`15`	`+} catch (\ValueError $e) {`
	`16`	`+ echo $e->getMessage();`
	`17`	`+}`
	`18`	`+?>`
	`19`	`+--EXPECTF--`
	`20`	`+imagefilledellipse(): Argument #4 ($width) must be between 0 and %d`

Comments

(0)