php-src/ext/gd/tests/bug66356.phpt
Michael Orlitzky 0aaad46c15 Fix most external GD 2.3.3 compatibility
* ext/gd/tests/bug45799.phpt: tweak to work with external gd.

The expected output from this test contains an extra newline with
gd-2.3.3 from the system (Gentoo). Adding a whitespace wildcard takes
care of it, and the test still passes with the bundled version of gd.

* ext/gd/tests: external gd-2.3.3 compatibility.

Support for the legacy "gd" image format was removed from gd-2.3.3
upstream:
  https://github.com/libgd/libgd/blob/master/CHANGELOG.md#233---2021-09-12

Several tests for the gd extension utilize that format, and naturally
fail when gd-2.3.3 from the system is used. This commit skips those
tests when the version of gd is at least 2.3.3.

* ext/gd/tests/bug73159.phpt: skip with external gd >= 2.3.3

This test uses the imagegd2() function to check that
  https://github.com/libgd/libgd/issues/289

is fixed. When an external gd without support for the "gd" format is
used, no error is thrown, but a nonsense result is printed: this is
normal. The corresponding upstream test is disabled in that situation;
it's not expected to work.

This commit skips the corresponding PHP test under the same
circumstances to fix a test failure with external gd >= 2.3.3.

* ext/gd/tests/bug73155.phpt: skip with external gd >= 2.3.3

This test uses the imagegd2() function to check that
  https://github.com/libgd/libgd/issues/309

is fixed. When an external gd without support for the "gd" format is
used, no error is thrown, but a nonsense result is printed: this is
normal. The corresponding upstream test is disabled in that situation;
it's not expected to work.

This commit skips the corresponding PHP test under the same
circumstances to fix a test failure with external gd >= 2.3.3.

* ext/gd/tests/bug73157.phpt: skip with external gd >= 2.3.3

This test ensures that the third (chunk_size) parameter to imagegd2()
is respected when a fourth parameter is also given. However, when an
external gd without support for the "gd" format is used, the call to
imagegd2() does not really work at all. It doesn't fail, but it
produces an "image" with a nonsense chunk size.

To avoid failures when an external gd >= 2.3.3 is used, we skip the
test entirely in that case.

* ext/gd/tests/bug77973.phpt: accept lowercase "Invalid"

This test fails with an external gd because the test expects "Invalid"
where upstream gd says "invalid". This commit tweaks the expected
output to accept an arbitrary character in the i/I position.

* ext/gd/tests/bug39780_extern.phpt: update for external gd-2.3.3.

Since there are no CI runs with external gd, I can only assume that
this test has fallen out-of-date due to changes in PHP itself. I've
tweaked the expected output (only slightly) so that the test passes
with both gd-2.3.2 and gd-2.3.3.

* ext/gd/tests/bug66356.phpt: update expected output for external gd.

Newer (external) versions of GD start their error messages with
lowercase characters, whereas this test is expecting them in
uppercase. A single-character wildcard now supports both formats.

* ext/gd/tests/imagegd_truecolor.phpt: skip with external gd >= 2.3.3.

This test uses the imagegd() function, but the "gd" format has been
disabled by default in upstream gd-2.3.3. We still get some kind of
image data back from the call to imagegd(), but its "signature",
"truecolor", and "size" no longer match the expected values. This
commit skips the test when an external gd >= 2.3.3 is used.

* ext/gd/tests/createfromwbmp2_extern.phpt: update for external gd-2.3.3.
* ext/gd/tests/libgd00086_extern.phpt: update for external gd-2.3.3.

Since there are no CI runs with external gd, I can only assume that
this test has fallen out-of-date due to changes in PHP itself. I've
tweaked the expected output (only slightly) so that the test passes
with both gd-2.3.2 and gd-2.3.3.

* ext/gd/tests/bug77272.phpt: update expected output for external gd.

Newer (external) versions of GD start their error messages with
lowercase characters, whereas this test is expecting them in
uppercase. A single-character wildcard now supports both formats.

* ext/gd/tests/bug77479.phpt: update for newer external gd.

This test fails with gd-2.3.3 (at least) due to minor capitalization
and whitespace issues. We add some wildcards to account for the
difference.

Closes GH-11257.
Closes GH-11262.
Closes GH-11264.
Closes GH-11280.
2023-07-06 21:39:40 +02:00

52 lines
1.2 KiB
PHP

--TEST--
Bug #66356 (Heap Overflow Vulnerability in imagecrop())
--EXTENSIONS--
gd
--FILE--
<?php
$img = imagecreatetruecolor(10, 10);
// POC #1
var_dump(imagecrop($img, array("x" => "a", "y" => 0, "width" => 10, "height" => 10)));
$arr = array("x" => "a", "y" => "12b", "width" => 10, "height" => 10);
var_dump(imagecrop($img, $arr));
print_r($arr);
// POC #2
var_dump(imagecrop($img, array("x" => 0, "y" => 0, "width" => -1, "height" => 10)));
// POC #3
var_dump(imagecrop($img, array("x" => -20, "y" => -20, "width" => 10, "height" => 10)));
// POC #4
var_dump(imagecrop($img, array("x" => 0x7fffff00, "y" => 0, "width" => 10, "height" => 10)));
// bug 66815
var_dump(imagecrop($img, array("x" => 0, "y" => 0, "width" => 65535, "height" => 65535)));
?>
--EXPECTF--
object(GdImage)#2 (0) {
}
object(GdImage)#2 (0) {
}
Array
(
[x] => a
[y] => 12b
[width] => 10
[height] => 10
)
Warning: imagecrop(): %cne parameter to a memory allocation multiplication is negative or zero, failing operation gracefully
in %s on line %d
bool(false)
object(GdImage)#2 (0) {
}
object(GdImage)#2 (0) {
}
Warning: imagecrop(): %croduct of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
in %s on line %d
bool(false)