From 60a9f7a3a3502bfb7118f7fc5c06f9fdf713efad Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Sat, 24 Nov 2018 12:52:08 +0100 Subject: [PATCH] Fix #77195: Incorrect error handling of imagecreatefromjpeg() The broken JPEG image triggers a notice, two warnings and outputs a message to stderr directly. The additional notice is pretty useless, and the direct output to stderr is bad. Therefore, we port the relevant differences from upstream to our bundled libgd. This leaves us with two warnings; the first one is triggered by libjpeg and shows the actual problem, the second one is triggered by our libgd wrapper whenever an image can't be read, what may not have necessarily triggered a warning before. --- NEWS | 3 +++ ext/gd/libgd/gd_jpeg.c | 13 +++++++++---- ext/gd/tests/bug77195.jpeg | Bin 0 -> 1038 bytes ext/gd/tests/bug77195.phpt | 19 +++++++++++++++++++ 4 files changed, 31 insertions(+), 4 deletions(-) create mode 100644 ext/gd/tests/bug77195.jpeg create mode 100644 ext/gd/tests/bug77195.phpt diff --git a/NEWS b/NEWS index ff727d5359..cdd38f5e58 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,9 @@ PHP NEWS - COM: . Fixed bug #77177 (Serializing or unserializing COM objects crashes). (cmb) +- GD: + . Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()). (cmb) + - Sockets: . Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS). (Mizunashi Mana) diff --git a/ext/gd/libgd/gd_jpeg.c b/ext/gd/libgd/gd_jpeg.c index 23d161631d..473de06f0e 100644 --- a/ext/gd/libgd/gd_jpeg.c +++ b/ext/gd/libgd/gd_jpeg.c 
@@ -67,14 +67,18 @@ static long php_jpeg_emit_message(j_common_ptr jpeg_info, int level) * unless strace_level >= 3 */ if ((jpeg_info->err->num_warnings == 0) || (jpeg_info->err->trace_level >= 3)) { - gd_error_ex(ignore_warning ? GD_NOTICE : GD_WARNING, "gd-jpeg, libjpeg: recoverable error: %s\n", message); + if (!ignore_warning) { + gd_error("gd-jpeg, libjpeg: recoverable error: %s\n", message); + } } jpeg_info->err->num_warnings++; } else { /* strace msg, Show it if trace_level >= level. */ if (jpeg_info->err->trace_level >= level) { - gd_error_ex(GD_NOTICE, "gd-jpeg, libjpeg: strace message: %s\n", message); + if (!ignore_warning) { + gd_error("gd-jpeg, libjpeg: strace message: %s\n", message); + } } } return 1; @@ -86,9 +90,10 @@ static long php_jpeg_emit_message(j_common_ptr jpeg_info, int level) static void fatal_jpeg_error (j_common_ptr cinfo) { jmpbuf_wrapper *jmpbufw; + char buffer[JMSG_LENGTH_MAX]; - gd_error("gd-jpeg: JPEG library reports unrecoverable error: "); - (*cinfo->err->output_message) (cinfo); + (*cinfo->err->format_message)(cinfo, buffer); + gd_error_ex(GD_WARNING, "gd-jpeg: JPEG library reports unrecoverable error: %s", buffer); jmpbufw = (jmpbuf_wrapper *) cinfo->client_data; jpeg_destroy (cinfo); diff --git a/ext/gd/tests/bug77195.jpeg b/ext/gd/tests/bug77195.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..66f92cf94692afd950593bba6cb1a408f9f8e48b GIT binary patch literal 1038 zcmex=*pRf_qd3Yj}5;5l$qpzcVE}t{3r8{ zznvrh=vef$g4+-0+}Dmc6?gHc;`pG7YFrp9__ z{ezEI_?{Mwz2Y0G7qaHv*1NxI&d-0Wr}uEpWmXwG|HF)NcuXo#mj=Tq9x-9S{Qo8ZioBzr literal 0 HcmV?d00001 diff --git a/ext/gd/tests/bug77195.phpt b/ext/gd/tests/bug77195.phpt new file mode 100644 index 0000000000..944a09fc1a --- /dev/null +++ b/ext/gd/tests/bug77195.phpt 
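Review bot: The two new calls in php_jpeg_emit_message use `gd_error(...)`, while the fatal handler in this same patch spells the level out as `gd_error_ex(GD_WARNING, ...)`; using one form would keep the severity readable at the call site. If gd_error() reports at warning level, as it appears to, the trace branch moves from GD_NOTICE to a warning. The existing comment `/* strace msg, Show it if trace_level >= level. */` is also now incomplete, because the message is dropped whenever ignore_warning is set. I would fold the guard into the enclosing test, e.g. `if (!ignore_warning && jpeg_info->err->trace_level >= level) {`, and add `/* ignore_warning silences libjpeg diagnostics entirely; num_warnings is still incremented */` so it is clear that a damaged stream can then only be detected through the counter. The function starts outside the hunk, so the origin of ignore_warning and message is not visible here.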
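Review bot: The new `char buffer[JMSG_LENGTH_MAX];` in fatal_jpeg_error is filled by `format_message`, which takes no length argument, so only the array size bounds that write. A one-line comment would stop a later edit from shrinking it, e.g. `/* format_message() has no size parameter; libjpeg requires JMSG_LENGTH_MAX bytes */`. Passing the text as a `%s` argument rather than as the format string is the right shape and should stay, since libjpeg builds the message while parsing untrusted input. The format string has no trailing `\n`, unlike the two messages in php_jpeg_emit_message; make them consistent unless gd_error_ex adds its own. The rest of the function, after `jpeg_destroy (cinfo);`, lies outside the hunk.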
@@ -0,0 +1,19 @@ +--TEST-- +Bug #77195 (Incorrect error handling of imagecreatefromjpeg()) +--SKIPIF-- + +--FILE-- + +===DONE=== +--EXPECTF-- +Warning: imagecreatefromjpeg(): gd-jpeg: JPEG library reports unrecoverable error: JPEG datastream contains no image in %s on line %d + +Warning: imagecreatefromjpeg(): '/mnt/c/Users/cmb/php-dev/php-src/ext/gd/tests/bug77195.jpeg' is not a valid JPEG file in %s on line %d +===DONE=== -- 2.40.0
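Review bot: The second expected warning in --EXPECTF-- hard-codes `/mnt/c/Users/cmb/php-dev/php-src/ext/gd/tests/bug77195.jpeg`, so the test can only pass in a checkout at that exact location. It also commits one developer's local directory layout into the tree. The first expectation already uses placeholders, and the same should be done here: `Warning: imagecreatefromjpeg(): '%s' is not a valid JPEG file in %s on line %d`. The --SKIPIF-- and --FILE-- bodies are empty in this rendering, so the gd/JPEG-support skip check and the call under test could not be reviewed.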