Fix #77198: auto cropping has insufficient precision
We apply the upstream patch[1], and also fix the erroneous bailout at
the end of `gdImageAutoCrop()`, since `crop.x` and `crop.y` may very
well be zero.
Fix #77195: Incorrect error handling of imagecreatefromjpeg()
The broken JPEG image triggers a notice, two warnings and outputs a
message to stderr directly. The additional notice is pretty useless,
and the direct output to stderr is bad. Therefore, we port the
relevant differences from upstream to our bundled libgd. This leaves
us with two warnings; the first one is triggered by libjpeg and shows
the actual problem, the second one is triggered by our libgd wrapper
whenever an image can't be read, which may not necessarily have
triggered a warning before.
Fix #77177: Serializing or unserializing COM objects crashes
Firstly, we avoid returning NULL from the get_property handler, but
instead return an empty HashTable, which already prevents the crashes.
Secondly, since (de-)serialization obviously makes no sense for COM,
DOTNET and VARIANT objects (at least with the current implementation),
we prohibit it right away.
If the library is built with ZEND_SIGNALS defined, it's unusable with an
external SAPI module because the zend_signal_startup() call is mandatory
in this case.
This bug is similar to #74149, but related to dynamic loading of the PHP library.
Anatol Belski [Fri, 16 Nov 2018 22:19:33 +0000 (23:19 +0100)]
Fixed bug #77111 php-win.exe corrupts unicode symbols from cli parameters
The binary can of course be used on the console, for whatever reasons, so
the UNICODE API should be used in that case. That might however not work as
expected if the binary is used for a service.
Anatol Belski [Wed, 14 Nov 2018 21:23:24 +0000 (22:23 +0100)]
Rework magic data once more
The change reduces the input size on patterns using posix character
classes. It is still better than reverting to the patterns from the
older version, as the upstream data uses posix classes also in the later
versions. The input reduction speeds up the pattern matching in some
cases.
This patch is functionally almost the same as upstream, but might show some diff
when the input is very long. While the magic data in the newer versions is
functionally an improvement, with jit=0 it might show a performance regression.
The slowdown is negligible in the normal usage and is still acceptable for the
malicious input. If some functional regressions show up, this patch should be
reverted and the test timing should be adapted instead.
Fix #77147: Fix for 60494 ignores ICONV_MIME_DECODE_CONTINUE_ON_ERROR
If the `ICONV_MIME_DECODE_CONTINUE_ON_ERROR` flag is set, parsing
should not fail if there are illegal characters in the headers;
instead we silently ignore these like before.
Anatol Belski [Sat, 10 Nov 2018 00:28:23 +0000 (01:28 +0100)]
Rework magic data
Avoid patching where vanilla data suffices. More precisely, avoid data
using [:space:] posix class in regex, as it is likely to cause performance
regressions.
Apparently, the presence of `cpuid.h` is not necessarily sufficient to
guarantee the availability of `__cpuid_count()`. We therefore test for
the latter explicitly.
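An added example (not PHP's own configure probe) of what "testing for the latter explicitly" looks like in practice: instead of assuming that `<cpuid.h>` implies `__cpuid_count()`, the code checks for the macro itself and degrades cleanly when it is absent. It assumes a GCC- or Clang-compatible compiler; on non-x86 targets it reports the probe as unavailable rather than failing to build.

```c
/* Added example, not from the PHP source tree: probe for __cpuid_count()
 * explicitly rather than inferring it from the presence of <cpuid.h>.
 * Assumes a GCC/Clang-style toolchain; non-x86 builds take the fallback path. */
#include <stdio.h>

#if (defined(__x86_64__) || defined(__i386__)) && defined(__GNUC__)
#include <cpuid.h>
#endif

/* Returns 1 if __cpuid_count() is usable in this build, 0 otherwise.
 * Some older <cpuid.h> headers exist but do not define __cpuid_count,
 * which is exactly why a header-only check is insufficient. */
int have_cpuid_count(void)
{
#if defined(__cpuid_count)
    return 1;
#else
    return 0;
#endif
}

/* Queries CPUID leaf 7, subleaf 0 (structured extended features) and
 * reports whether EBX bit 5 (AVX2) is set.
 * Returns 1 = present, 0 = absent, -1 = probe not available in this build. */
int cpu_has_avx2(void)
{
#if defined(__cpuid_count)
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;

    /* Leaf 7 is only defined if the CPU supports at least that many basic leaves. */
    if (__get_cpuid_max(0, NULL) < 7)
        return 0;

    __cpuid_count(7, 0, eax, ebx, ecx, edx);
    (void)eax; (void)ecx; (void)edx; /* only EBX is inspected here */
    return (ebx & (1u << 5)) ? 1 : 0;
#else
    return -1;
#endif
}

int main(void)
{
    printf("__cpuid_count available: %d\n", have_cpuid_count());
    printf("AVX2 reported by CPUID leaf 7: %d\n", cpu_has_avx2());
    return 0;
}
```

The same `#if defined(__cpuid_count)` test is what a configure-time check would compile; if the macro is missing the build falls back instead of failing at link or run time.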
Anatol Belski [Sun, 4 Nov 2018 12:11:28 +0000 (13:11 +0100)]
Rework places in libmagic regarding previous CVE-2014-3538 fixes
CVE-2014-3538 was fixed upstream, but the old patch was still kept in
the PHP port. This patch causes performance regressions when PCRE JIT is
not enabled. This is fixed by applying the relevant original code from
the newer libmagic, which makes the old patch obsolete as the
CVE-2014-3538 tests still pass.
Anatol Belski [Sat, 3 Nov 2018 19:29:51 +0000 (20:29 +0100)]
Change the way JIT availability is checked
The pcre2_jit_compile_8 symbol is always available, even if JIT might
not be. If JIT is not enabled explicitly and is enabled in the PHP runtime,
this will lead to a malfunction. This approach ensures JIT is indeed
available on the given platform. For cross compilation this might get
complicated, as it would require an explicit processor architecture and
PCRE2 version check.
Another solution for this case is to run pcre2_config at runtime. That
however would require more condition checks that would impact
architectures where JIT is available.