Bug #64823 Thread-safe PHP GD fails to find TrueType font without path
Submitted: 2013-05-12 15:28 UTC Modified: 2018-04-03 22:29 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:3 (100.0%)
From: lbayuk at users dot sourceforge dot net Assigned:
Status: Verified Package: GD related
PHP Version: 5.4.15 OS: All
Private report: No CVE-ID: None

 [2013-05-12 15:28 UTC] lbayuk at users dot sourceforge dot net
Description:
------------
The $font parameter in the GD extension function imagettftext() should accept a filename without path, and per the PHP manual GD should search for that font file using a library-defined font path or GDFONTPATH environment variable.

This works, but only if PHP was built without thread-safety. If PHP is built with thread safety, it is unable to find TrueType font files using the search path (GDFONTPATH or the built-in default).

(I think this is happening because when ZTS is defined, VIRTUAL_DIR is defined, and that causes the GD function php_imagettftext_common() to run the font argument through VCWD_REALPATH(). That fails when the font argument is not a complete file path.)

Also, if you build PHP with Apache2 (--with-apxs2), you will get a thread-safe PHP if your Apache installation is configured to use the Event MPM or Worker MPM, and a non-thread-safe PHP if your Apache installation is configured to use the Pre-fork MPM. This results in the really strange situation where whether GD can find a TTF font file on the search path depends on which Apache MPM was configured when you built PHP.

Test script:
---------------
<?php
$font = 'Arial.ttf';  // This is for Windows. Change the name for others.
$im = imagecreate(600, 400);
$background_color = imagecolorallocate($im, 255, 255, 255);
$text_color = imagecolorallocate($im, 0, 0, 255);
imagettftext($im, 14, 0, 20, 200, $text_color, $font, 'Font Test');
imagepng ($im);

Expected result:
----------------
Creates a PNG image file on standard output, with the text 'Font Test'.

Actual result:
--------------
When using non-thread-safe PHP, the expected result.

When using thread-safe PHP, a warning message, and no text is drawn: "PHP Warning:  imagettftext(): Invalid font filename in ..."


 [2018-04-03 22:29 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2018-04-03 22:29 UTC] cmb@php.net
> I think this is happening because when ZTS is defined,
> VIRTUAL_DIR is defined, and that causes the GD function
> php_imagettftext_common() to run the font argument through
> VCWD_REALPATH(). That fails when the font argument is not a
> complete file path.

That's dead-on![1]  However, the issue is actually more complex,
since the fontpath can actually contain multiple paths separated
by semicolon.  So, for instance, passing
'C:/Windows/Fonts/arial.ttf;C:/Windows/Fonts/tahoma.ttf' would
also fail.

It seems to me that we either have to drop the open_basedir check
altogether (which *might* introduce security issues), or that we'd
have to split the fontpath and check all paths plus regarding
libgd's default fontpath.  Either way, we'd have to fix the code
using VCWD_REALPATH as well.  One particular problem is that libgd
does not expose the DEFAULT_FONTPATH.

[1] <https://github.com/php/php-src/blob/PHP-7.1.16/ext/gd/gd.c#L3907-L3917>
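
The second option from the comment above (split the font list, resolve each entry, then check every resolved path) can be sketched as follows. This is an added example, not code from php-src or libgd: the function names, the ':' separator for the search path, and the policy of rejecting the whole list when any resolved entry falls outside the allowed base directory are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700   /* realpath(), PATH_MAX */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 if canonical path `real` is `base` itself or lies beneath it. */
static int under_base(const char *real, const char *base) {
    size_t n = strlen(base);
    return strncmp(real, base, n) == 0 &&
           (base[n - 1] == '/' || real[n] == '/' || real[n] == '\0');
}

/* Canonicalize one entry: a name containing '/' is used as given, a bare name
 * is tried in each ':'-separated search directory (assumed), first hit wins. */
static int resolve_font(const char *entry, const char *search, char *real) {
    char cand[PATH_MAX];
    if (strchr(entry, '/'))
        return realpath(entry, real) != NULL;
    while (*search) {
        size_t len = strcspn(search, ":");
        if (len > 0 && snprintf(cand, sizeof cand, "%.*s/%s", (int)len, search,
                                entry) < (int)sizeof cand && realpath(cand, real))
            return 1;
        search += len + (search[len] == ':');
    }
    return 0;
}

/* Hypothetical policy: every ';'-separated entry that resolves to a file
 * must lie under `base`, and at least one entry must resolve. */
int font_list_allowed(const char *fontlist, const char *search, const char *base) {
    char base_real[PATH_MAX], real[PATH_MAX], entry[PATH_MAX];
    int found = 0;
    if (!realpath(base, base_real)) return 0;
    while (*fontlist) {
        size_t len = strcspn(fontlist, ";");
        if (len >= sizeof entry)
            return 0;                       /* over-long entry: reject */
        memcpy(entry, fontlist, len);
        entry[len] = '\0';
        if (len > 0 && resolve_font(entry, search, real)) {
            if (!under_base(real, base_real))
                return 0;                   /* resolved outside the base */
            found = 1;
        }
        fontlist += len + (fontlist[len] == ';');
    }
    return found;
}
```

Resolving before checking means a bare name is judged by where the search path actually finds it, and an entry such as `dir/..` is judged by its canonical location rather than its spelling.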
 
Last updated: Sun Nov 24 05:01:32 2024 UTC