php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66590 imagewebp() doesn't pad to even length
Submitted: 2014-01-27 21:33 UTC Modified: 2015-07-19 15:54 UTC
Votes:14
Avg. Score:4.7 ± 0.6
Reproduced:14 of 14 (100.0%)
Same Version:5 (35.7%)
Same OS:11 (78.6%)
From: hbengali at chromium dot org Assigned: cmb
Status: Closed Package: GD related
PHP Version: 5.6.11 OS: *
Private report: No CVE-ID:
 [2014-01-27 21:33 UTC] hbengali at chromium dot org
Description:
------------
---
From manual page: http://www.php.net/function.imagewebp
---

The latest version of libwebp (0.4.0) needs to be used here. Use of the older version causes inconsistencies when rendering in browsers that use libwebp 0.4.0. For example: https://code.google.com/p/webp/issues/detail?id=185

libwebp 0.4.0 can be found here: https://code.google.com/p/webp/downloads/detail?name=libwebp-0.4.0.tar.gz&can=2&q=


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-01-27 21:45 UTC] bjori@php.net
-Type: Documentation Problem +Type: Bug -Assigned To: +Assigned To: pajoye
 [2014-01-27 21:45 UTC] bjori@php.net
Did you mean to file this as a bug report for the docs?
Seems like this is a problem with the extension rather then the docs?
 [2014-01-27 21:48 UTC] hbengali at chromium dot org
My bad - I did not mean for this to be a bug against the documentation. Thanks for redirecting it.
 [2014-01-28 00:01 UTC] hbengali at chromium dot org
It was brought to my attention that I did not correctly describe the issue. Here is a more accurate summary of what the problem is: 

The code in php (libgd) uses libvpx and writes the riff manually actually. The code generates the correct even size, but neglects the padding. It's possible older versions of libwebp would decode this, but libwebp 0.4.0 does not.
 [2014-01-28 00:43 UTC] hbengali at chromium dot org
Here is a proposed fix from one of the WebP developers with the disclaimer that it is untested and may have incorrect local style.

 diff --git a/ext/gd/libgd/webpimg.c b/ext/gd/libgd/webpimg.c
index 01bef93..ca4e9bc 100644
--- a/ext/gd/libgd/webpimg.c
+++ b/ext/gd/libgd/webpimg.c
@@ -778,6 +778,18 @@ WebPResult WebPEncode(const uint8* Y,
 										(chunk_size >> 16) & 255,
 										(chunk_size >> 24) & 255 };
 	  memcpy(*p_out, kRiffHeader, kRiffHeaderSize);
+	  if (img_size_bytes & 1) {  /* write a padding byte */
+		const int new_size = *p_out_size_bytes + 1;
+		unsigned char* p = (unsigned char*)realloc(*p_out, new_size);
+		if (p == NULL) {
+		  free(*p_out);
+		  *p_out = NULL;
+		  *p_out_size_bytes = 0;
+		  return webp_failure;
+		}
+		p[new_size - 1] = 0;
+		*p_out_size_bytes = new_size;
+	  }
 
 	  if (psnr) {
 		*psnr = WebPGetPSNR(Y, U, V, *p_out, *p_out_size_bytes);
 [2015-07-19 15:07 UTC] cmb@php.net
-Summary: libwebp version used in imagewebp is out of date +Summary: imagewebp() doesn't pad to even length -Status: Assigned +Status: Analyzed -Package: *Graphics related +Package: GD related -Operating System: All +Operating System: * -PHP Version: 5.5.8 +PHP Version: 5.6.11 -Assigned To: pajoye +Assigned To: cmb
 [2015-07-19 15:07 UTC] cmb@php.net
Indeed, I can confirm this issue. Consider the following simple
test script:

<?php
$im = imagecreatetruecolor(75, 75);
$red = imagecolorallocate($im, 255, 0, 0);
imagefilledrectangle($im, 0, 0, 74, 74, $red);
imagewebp($im, __DIR__ . '/bug66590.webp');
?>

This fails to create a valid Webp image file. display (ImageMagick
6.9.1-2), for instance, reports: "insufficient image data in file
[...]". The length in the RIFF chunk is given as 92 bytes, so the
file size should be 100 bytes (8 bytes RIFF header size), but it's
only 99 bytes.

The supplied patch obviously fixes this issue. Thanks!
 [2015-07-19 15:48 UTC] cmb@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=96e42403d5e5e3e9c39522bda3017b03a8fe2ebc
Log: Fix #66590: imagewebp() doesn't pad to even length
 [2015-07-19 15:48 UTC] cmb@php.net
-Status: Analyzed +Status: Closed
 [2015-07-19 15:54 UTC] cmb@php.net
Reported upstream against libgd:
<https://github.com/libgd/libgd/issues/176>.
 [2015-07-19 20:04 UTC] cmb@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d3958b32caf606a2710436f8c80df58152e3b160
Log: fixed Fix #66590, which may segfault
 [2015-07-21 14:20 UTC] ab@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d3958b32caf606a2710436f8c80df58152e3b160
Log: fixed Fix #66590, which may segfault
 [2015-07-21 14:20 UTC] ab@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=96e42403d5e5e3e9c39522bda3017b03a8fe2ebc
Log: Fix #66590: imagewebp() doesn't pad to even length
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Fri Feb 24 01:01:37 2017 UTC