Bug #64823 Thread-safe PHP GD fails to find TrueType font without path
Submitted: 2013-05-12 15:28 UTC
Modified: 2018-04-03 22:29 UTC
Votes: 3
Avg. Score: 5.0 ± 0.0
Reproduced: 3 of 3 (100.0%)
Same Version: 0 (0.0%)
Same OS: 3 (100.0%)
From: lbayuk at users dot sourceforge dot net
Assigned:
Status: Verified
Package: GD related
PHP Version: 5.4.15
OS: All
Private report: No
CVE-ID: None
 [2013-05-12 15:28 UTC] lbayuk at users dot sourceforge dot net
Description:
------------
The $font parameter in the GD extension function imagettftext() should accept a filename without path, and per the PHP manual GD should search for that font file using a library-defined font path or GDFONTPATH environment variable.

This works, but only if PHP was built without thread-safety. If PHP is built with thread safety, it is unable to find TrueType font files using the search path (GDFONTPATH or the built-in default).

(I think this is happening because when ZTS is defined, VIRTUAL_DIR is defined, and that causes the GD function php_imagettftext_common() to run the font argument through VCWD_REALPATH(). That fails when the font argument is not a complete file path.)

Also, if you build PHP with Apache2 (--with-apxs2), you will get a thread-safe PHP if your Apache installation is configured to use the Event MPM or Worker MPM, and a non-thread-safe PHP if your Apache installation is configured to use the Pre-fork MPM. This results in the really strange situation where whether GD can find a TTF font file on the search path depends on which Apache MPM was configured when you built PHP.

Test script:
---------------
<?php
$font = 'Arial.ttf';  // This is for Windows. Change the name for others.
$im = imagecreate(600, 400);
$background_color = imagecolorallocate($im, 255, 255, 255);
$text_color = imagecolorallocate($im, 0, 0, 255);
imagettftext($im, 14, 0, 20, 200, $text_color, $font, 'Font Test');
imagepng($im);

Expected result:
----------------
Creates a PNG image file on standard output, with the text 'Font Test'.

Actual result:
--------------
When using non-thread-safe PHP, the expected result.

When using thread-safe PHP, a warning message, and no text is drawn: "PHP Warning:  imagettftext(): Invalid font filename in ..."


 [2018-04-03 22:29 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2018-04-03 22:29 UTC] cmb@php.net
> I think this is happening because when ZTS is defined,
> VIRTUAL_DIR is defined, and that causes the GD function
> php_imagettftext_common() to run the font argument through
> VCWD_REALPATH(). That fails when the font argument is not a
> complete file path.

That's dead-on![1]  However, the issue is actually more complex,
since the fontpath can actually contain multiple paths separated
by semicolon.  So, for instance, passing
'C:/Windows/Fonts/arial.ttf;C:/Windows/Fonts/tahoma.ttf' would
also fail.

It seems to me that we either have to drop the open_basedir check
altogether (which *might* introduce security issues), or that we'd
have to split the fontpath and check all paths plus regarding
libgd's default fontpath.  Either way, we'd have to fix the code
using VCWD_REALPATH as well.  One particular problem is that libgd
does not expose the DEFAULT_FONTPATH.

[1] <https://github.com/php/php-src/blob/PHP-7.1.16/ext/gd/gd.c#L3907-L3917>
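
The second option in the comment above (split the font list and check every candidate against the allowed directory), as an added example that is not code from php-src or libgd. The names resolve_font(), try_candidate() and under_basedir(), the return codes, and the ':' separator for search directories are assumptions made for illustration; libgd's file-extension guessing and PHP's virtual working directory are not modelled.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 if `real` is `base` or lies below it; both must be realpath() output. */
static int under_basedir(const char *real, const char *base)
{
    size_t n = strlen(base);
    if (n == 1) return real[0] == '/';   /* base is "/" */
    return strncmp(real, base, n) == 0 && (real[n] == '/' || real[n] == '\0');
}

/* 0 = usable (canonical path copied to out), -1 = not found, -2 = outside base. */
static int try_candidate(const char *cand, const char *base, char *out)
{
    char real[PATH_MAX];
    if (!realpath(cand, real)) return -1;
    if (!under_basedir(real, base)) return -2;
    strcpy(out, real);
    return 0;
}

/* fontlist: ';'-separated names or paths (as in the report). searchpath: ':'-separated
 * directories (assumed). out: PATH_MAX bytes. Stops at the first candidate that exists. */
int resolve_font(const char *fontlist, const char *searchpath, const char *basedir, char *out)
{
    char base[PATH_MAX], cand[PATH_MAX], *s1, *s2, *name, *dir;
    int rc = -1;
    char *list = strdup(fontlist);
    if (!list || !realpath(basedir, base)) { free(list); return -1; }
    for (name = strtok_r(list, ";", &s1); name && rc == -1; name = strtok_r(NULL, ";", &s1)) {
        if (strchr(name, '/')) {                  /* explicit path: check it as given */
            rc = try_candidate(name, base, out);
            continue;
        }
        char *dirs = strdup(searchpath);          /* bare name: walk the search path */
        if (!dirs) break;
        for (dir = strtok_r(dirs, ":", &s2); dir && rc == -1; dir = strtok_r(NULL, ":", &s2)) {
            snprintf(cand, sizeof cand, "%s/%s", dir, name);
            rc = try_candidate(cand, base, out);
        }
        free(dirs);
    }
    free(list);
    return rc;
}
```

Handing only the canonical path in `out` to the renderer keeps the file that was checked and the file that is opened the same.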
Last updated: Sun Sep 15 23:01:26 2024 UTC