Fix #77195: Incorrect error handling of imagecreatefromjpeg()

The broken JPEG image triggers a notice, two warnings and outputs a
message to stderr directly.  The additional notice is pretty useless,
and the direct output to stderr is bad.  Therefore, we port the
relevant differences from upstream to our bundled libgd.  This leaves
us with two warnings; the first one is triggered by libjpeg and shows
the actual problem, the second one is triggered by our libgd wrapper
whenever an image can't be read, what may not have necessarily
triggered a warning before.

diff --git a/NEWS b/NEWS
index ff727d535958456c4a62af9705fae4f033b1c8c8..cdd38f5e58853435ddf96ec876cb1710c0f3cf97 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,9 @@ PHP                                                                        NEWS
 - COM:
   . Fixed bug #77177 (Serializing or unserializing COM objects crashes). (cmb)
 
+- GD:
+  . Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()). (cmb)
+
 - Sockets:
   . Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
     (Mizunashi Mana)

diff --git a/ext/gd/libgd/gd_jpeg.c b/ext/gd/libgd/gd_jpeg.c
index 23d161631d26e192b7f3934ccc4ecff71ed0ec02..473de06f0e1093e03bd2fff97675ffa6226fc9ed 100644 (file)
--- a/ext/gd/libgd/gd_jpeg.c
+++ b/ext/gd/libgd/gd_jpeg.c
@@ -67,14 +67,18 @@ static long php_jpeg_emit_message(j_common_ptr jpeg_info, int level)
                 * unless strace_level >= 3
                 */
                if ((jpeg_info->err->num_warnings == 0) || (jpeg_info->err->trace_level >= 3)) {
-                       gd_error_ex(ignore_warning ? GD_NOTICE : GD_WARNING, "gd-jpeg, libjpeg: recoverable error: %s\n", message);
+                       if (!ignore_warning) {
+                               gd_error("gd-jpeg, libjpeg: recoverable error: %s\n", message);
+                       }
                }
 
                jpeg_info->err->num_warnings++;
        } else {
                /* strace msg, Show it if trace_level >= level. */
                if (jpeg_info->err->trace_level >= level) {
-                       gd_error_ex(GD_NOTICE, "gd-jpeg, libjpeg: strace message: %s\n", message);
+                       if (!ignore_warning) {
+                               gd_error("gd-jpeg, libjpeg: strace message: %s\n", message);
+                       }
                }
        }
        return 1;
@@ -86,9 +90,10 @@ static long php_jpeg_emit_message(j_common_ptr jpeg_info, int level)
 static void fatal_jpeg_error (j_common_ptr cinfo)
 {
        jmpbuf_wrapper *jmpbufw;
+       char buffer[JMSG_LENGTH_MAX];
 
-       gd_error("gd-jpeg: JPEG library reports unrecoverable error: ");
-       (*cinfo->err->output_message) (cinfo);
+       (*cinfo->err->format_message)(cinfo, buffer);
+       gd_error_ex(GD_WARNING, "gd-jpeg: JPEG library reports unrecoverable error: %s", buffer);
 
        jmpbufw = (jmpbuf_wrapper *) cinfo->client_data;
        jpeg_destroy (cinfo);

diff --git a/ext/gd/tests/bug77195.jpeg b/ext/gd/tests/bug77195.jpeg
new file mode 100644 (file)
index 0000000..66f92cf
Binary files /dev/null and b/ext/gd/tests/bug77195.jpeg differ

diff --git a/ext/gd/tests/bug77195.phpt b/ext/gd/tests/bug77195.phpt
new file mode 100644 (file)
index 0000000..944a09f
--- /dev/null
+++ b/ext/gd/tests/bug77195.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Bug #77195 (Incorrect error handling of imagecreatefromjpeg())
+--SKIPIF--
+<?php
+if (!extension_loaded('gd')) die('skip gd extension not available');
+if (!gd_info()['JPEG Support']) die('skip JPEG support not available');
+?>
+--FILE--
+<?php
+$filename = __DIR__ . '/bug77195.jpeg';
+@imagecreatefromjpeg($filename);
+imagecreatefromjpeg($filename);
+?>
+===DONE===
+--EXPECTF--
+Warning: imagecreatefromjpeg(): gd-jpeg: JPEG library reports unrecoverable error: JPEG datastream contains no image in %s on line %d
+
+Warning: imagecreatefromjpeg(): '/mnt/c/Users/cmb/php-dev/php-src/ext/gd/tests/bug77195.jpeg' is not a valid JPEG file in %s on line %d
+===DONE===