PHP :: Bug #77272 :: imagescale() may return image resource on failure

Bug #77272	imagescale() may return image resource on failure
Submitted:	2018-12-09 15:28 UTC	Modified:	2019-01-10 12:11 UTC
From:	cmb@php.net	Assigned:	cmb (profile)
Status:	Closed	Package:	GD related
PHP Version:	7.2.13	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	cmb@php.net
New email:
PHP Version:		OS:

New Comment:

[2018-12-09 15:28 UTC] cmb@php.net

Description:
------------
If either dimension of an image passed to imagescale() is greater
than or equal to 0x1000000‬, the image cannot be scaled, but still
gdImageScale() of the *bundled* libgd would return a (blank)
image.  This issue is fixed in upstream libgd as of 2.2.3.

Note that the reproduce script given below requires an appropriate
fix for bug #77269 regarding bundled libgd (otherwise we likely
hit a segfault), and a master build of upstream libgd (otherwise
the original image couldn't be allocated in the first place[1]).

[1] <https://github.com/libgd/libgd/commit/c3cf674cb444696a36f720f785878b41225af063>

Test script:
---------------
<?php
$img = imagecreate(2**28, 1);
var_dump(imagescale($img, 1, 1, IMG_TRIANGLE));


Expected result:
----------------
Warning: imagescale(): gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
 in %s on line %d
bool(false)


Actual result:
--------------
Warning: imagescale(): gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
 in %s on line %d
resource(%d) of type (gd)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-12-09 15:29 UTC] cmb@php.net

-Assigned To: +Assigned To: cmb

[2018-12-09 15:29 UTC] cmb@php.net

Actually, this is not a security issue, but nonetheless should
kept private until bug #77269 is resolved, since the reproduce
script would hint at that bug.

[2018-12-09 15:29 UTC] cmb@php.net

-Type: Security +Type: Bug

[2018-12-09 22:19 UTC] cmb@php.net

Related To: Bug #77269

[2019-01-10 13:27 UTC] cmb@php.net

Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=772b1cb245ebe19e220a2552d1e2b700d15f2c68
Log: Fix #77272: imagescale() may return image resource on failure

[2019-01-10 13:27 UTC] cmb@php.net

-Status: Assigned +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 11:01:29 2024 UTC