Bug #73479 Invalid string passed into imagecreatefromstring causes fatal error
Submitted: 2016-11-08 17:28 UTC Modified: 2017-08-30 12:09 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: dougnelson at silktide dot com Assigned: cmb (profile)
Status: Closed Package: GD related
PHP Version: 7.0.12 OS: Ubuntu 14.04
Private report: No CVE-ID: None
 [2016-11-08 17:28 UTC] dougnelson at silktide dot com
Description:
------------
Using:
gd
GD Support => enabled
GD Version => bundled (2.1.0 compatible)

Running the below test code that attempts to create a JPG using imagecreatefromstring will cause an E_WARNING, but not a fatal error.

Using:
gd
GD Support => enabled
GD headers Version => 2.2.3
GD library Version => 2.2.3

To run the same test code causes a fatal exception that is unable to be caught.

Test script:
---------------
http://pastebin.com/cgBkb6Cz

Expected result:
----------------
An E_WARNING warning of the same.

Actual result:
--------------
PHP Fatal error:  imagecreatefromstring(): gd-jpeg: JPEG library reports unrecoverable error: Invalid JPEG file structure: SOS before SOF in /tmp/foo.php on line 7

 [2016-11-09 17:00 UTC] cmb@php.net
-Status: Open +Status: Analyzed -Assigned To: +Assigned To: cmb
 [2016-11-09 17:00 UTC] cmb@php.net
I can confirm this issue.

It seems to me that should be addressed in libgd[1],
where libgd raises a GD_ERROR in case an "unrecoverable" error is
detected, but nonetheless is able to resume; note that if libgd can't
resume, also a GD_ERROR is raised, but exit() is called immediately
afterwards.

[1] <https://github.com/libgd/libgd/blob/gd-2.2.3/src/gd_jpeg.c#L100-L119>
 [2016-11-09 17:09 UTC] cmb@php.net
-Status: Analyzed +Status: Suspended
 [2016-11-09 17:09 UTC] cmb@php.net
I've filed a respective ticket:
<https://github.com/libgd/libgd/issues/338>. Let's wait how this will be
handled.
 [2017-08-16 16:30 UTC] cmb@php.net
-Assigned To: cmb +Assigned To:
 [2017-08-30 12:09 UTC] cmb@php.net
-Status: Suspended +Status: Closed -Assigned To: +Assigned To: cmb
 [2017-08-30 12:09 UTC] cmb@php.net
This issue is supposed to be solved by libgd 2.2.5 which just has
been released. Therefore I'm closing this ticket.
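
A defensive pre-check for the failure in this report, as an added example that is not part of the bug report or of PHP/libgd: it walks the JPEG marker segments and rejects data whose first SOS marker is not preceded by an SOFn marker, the condition named in the fatal error message above. The helper name and the sample byte strings are constructed for illustration; other libjpeg errors are not covered by this check.

```php
<?php
// Added example; jpeg_has_sof_before_sos() is a hypothetical helper, not a GD/PHP function.
// Returns true only if a frame header (SOFn) appears before the first scan header (SOS).
function jpeg_has_sof_before_sos(string $data): bool
{
    $len = strlen($data);
    if ($len < 4 || substr($data, 0, 2) !== "\xFF\xD8") {
        return false;                        // must start with SOI
    }
    $pos = 2;
    $sawSof = false;
    while ($pos + 1 < $len) {
        if ($data[$pos] !== "\xFF") {
            return false;                    // every header segment starts with 0xFF
        }
        $marker = ord($data[$pos + 1]);
        if ($marker === 0xFF) {              // fill byte before a marker
            $pos++;
            continue;
        }
        $pos += 2;
        if ($marker === 0xDA) {              // SOS: valid only after a frame header
            return $sawSof;
        }
        if ($marker === 0x01 || ($marker >= 0xD0 && $marker <= 0xD7)) {
            continue;                        // TEM / RSTn carry no length field
        }
        if ($marker === 0x00 || $marker === 0xD8 || $marker === 0xD9) {
            return false;                    // stuffed byte, second SOI, or EOI before any scan
        }
        // SOF0..SOF15, excluding DHT (C4), JPG (C8) and DAC (CC), which share the range.
        if ($marker >= 0xC0 && $marker <= 0xCF && !in_array($marker, [0xC4, 0xC8, 0xCC], true)) {
            $sawSof = true;
        }
        $segLen = $pos + 2 <= $len ? unpack('n', substr($data, $pos, 2))[1] : 0;
        if ($segLen < 2 || $pos + $segLen > $len) {
            return false;                    // truncated or out-of-range segment length
        }
        $pos += $segLen;
    }
    return false;                            // no SOS found
}
// Constructed marker skeletons (not decodable images, not the report's test script).
$sof = "\xFF\xC0" . pack('n', 11) . "\x08\x00\x01\x00\x01\x01\x01\x11\x00";
$sos = "\xFF\xDA" . pack('n', 8) . "\x01\x01\x00\x00\x3F\x00";
foreach (['SOF then SOS' => $sof . $sos, 'SOS then SOF' => $sos . $sof] as $name => $body) {
    $ok = jpeg_has_sof_before_sos("\xFF\xD8" . $body);
    echo $name, ': ', $ok ? 'hand to imagecreatefromstring()' : 'reject before GD', "\n";
}
```

The sample loop only runs the structural check and never calls GD, so it behaves the same on affected and fixed libgd versions.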
Last updated: Sat Nov 23 16:01:27 2024 UTC