MFH: - Fixed bug #30120 (imagettftext() and imagettfbbox() accept too many parameters)

diff --git a/NEWS b/NEWS
index f0fba652bbbb55a7a087ad4eaffbc4df8d88fa85..d306bbb6d2dfb16fafe7b7afce2470ddee5cdbc5 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,8 @@ PHP                                                                        NEWS
 - Fixed bug #31055 (apache2filter: per request leak proportional to the full
   path of the request URI). (kameshj at fastmail dot fm)
 - Fixed bug #30446 (apache2handler: virtual() includes files out of sequence)
+- Fixed bug #30120 (imagettftext() and imagettfbbox() accept too many
+  parameters). (Jani)
 - Fixed bug #28930 (PHP sources pick wrong header files generated by bison).
   (eggert at gnu dot org, Jani)
 - Fixed bug #28074 (FastCGI: stderr should be written in a FCGI stderr stream).

diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index f62bf6409309608fcfbcde7e5e9b8b622298cafd..f099f1b2bd195757a457d160f3adb64d4e027728 100644 (file)
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -3125,11 +3125,11 @@ static void php_imagettftext_common(INTERNAL_FUNCTION_PARAMETERS, int mode, int
        argc = ZEND_NUM_ARGS();
 
        if (mode == TTFTEXT_BBOX) {
-               if (argc < 4 || argc > 5 || zend_get_parameters_ex(argc, &PTSIZE, &ANGLE, &FONTNAME, &C, &EXT) == FAILURE) {
+               if (argc < 4 || argc > ((extended) ? 5 : 4) || zend_get_parameters_ex(argc, &PTSIZE, &ANGLE, &FONTNAME, &C, &EXT) == FAILURE) {
                        ZEND_WRONG_PARAM_COUNT();
                }
        } else {
-               if (argc < 8 || argc > 9 || zend_get_parameters_ex(argc, &IM, &PTSIZE, &ANGLE, &X, &Y, &COL, &FONTNAME, &C, &EXT) == FAILURE) {
+               if (argc < 8 || argc > ((extended) ? 9 : 8) || zend_get_parameters_ex(argc, &IM, &PTSIZE, &ANGLE, &X, &Y, &COL, &FONTNAME, &C, &EXT) == FAILURE) {
                        ZEND_WRONG_PARAM_COUNT();
                }
                ZEND_FETCH_RESOURCE(im, gdImagePtr, IM, -1, "Image", le_gd);