php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79067 gdTransformAffineCopy() may use unitialized values
Submitted: 2020-01-06 08:28 UTC Modified: 2020-01-06 08:28 UTC
From: cmb@php.net Assigned: cmb (profile)
Status: Closed Package: GD related
PHP Version: 7.3Git-2020-01-06 (Git) OS: *
Private report: No CVE-ID: None
 [2020-01-06 08:28 UTC] cmb@php.net
Description:
------------
See <https://github.com/libgd/libgd/issues/583>.

Test script:
---------------
<?php

$matrix = [1, 1, 1, 1, 1, 1];
$src = imagecreatetruecolor(8, 8);
var_dump(imageaffine($src, $matrix));


Expected result:
----------------
bool(false)

Actual result:
--------------
==10583== Memcheck, a memory error detector
==10583== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==10583== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==10583== Command: sapi/cli/php /mnt/c/php-sdk/phpdev/vc15/x64/affine.php
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x297F3B: getPixelInterpolated (gd_interpolation.c:747)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x297F4E: getPixelInterpolated (gd_interpolation.c:748)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x296F5C: filter_bicubic (gd_interpolation.c:343)
==10583==    by 0x297FDC: getPixelInterpolated (gd_interpolation.c:773)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x296F6A: filter_bicubic (gd_interpolation.c:344)
==10583==    by 0x297FDC: getPixelInterpolated (gd_interpolation.c:773)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x296F5C: filter_bicubic (gd_interpolation.c:343)
==10583==    by 0x297FFF: getPixelInterpolated (gd_interpolation.c:774)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x296F6A: filter_bicubic (gd_interpolation.c:344)
==10583==    by 0x297FFF: getPixelInterpolated (gd_interpolation.c:774)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x298036: getPixelInterpolated (gd_interpolation.c:784)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Use of uninitialised value of size 8
==10583==    at 0x2980E0: getPixelInterpolated (gd_interpolation.c:786)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x2980F4: getPixelInterpolated (gd_interpolation.c:788)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x298114: getPixelOverflowTC (gd_interpolation.c:658)
==10583==    by 0x298114: getPixelInterpolated (gd_interpolation.c:789)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Use of uninitialised value of size 8
==10583==    at 0x2981A0: getPixelInterpolated (gd_interpolation.c:791)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x2981D7: getPixelInterpolated (gd_interpolation.c:788)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x2981ED: getPixelInterpolated (gd_interpolation.c:784)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x298121: getPixelOverflowTC (gd_interpolation.c:658)
==10583==    by 0x298121: getPixelInterpolated (gd_interpolation.c:789)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x29812E: getPixelOverflowTC (gd_interpolation.c:658)
==10583==    by 0x29812E: getPixelInterpolated (gd_interpolation.c:789)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x29813B: getPixelOverflowTC (gd_interpolation.c:658)
==10583==    by 0x29813B: getPixelInterpolated (gd_interpolation.c:789)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x298204: getPixelInterpolated (gd_interpolation.c:810)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x298427: getPixelInterpolated (gd_interpolation.c:810)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x29843D: getPixelInterpolated (gd_interpolation.c:811)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x2983F7: getPixelInterpolated (gd_interpolation.c:811)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x29840F: getPixelInterpolated (gd_interpolation.c:812)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x29822B: getPixelInterpolated (gd_interpolation.c:812)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x29823B: getPixelInterpolated (gd_interpolation.c:813)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x2983D7: getPixelInterpolated (gd_interpolation.c:813)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x298213: getPixelInterpolated (gd_interpolation.c:811)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
==10583== Conditional jump or move depends on uninitialised value(s)
==10583==    at 0x298222: getPixelInterpolated (gd_interpolation.c:812)
==10583==    by 0x29D050: gdTransformAffineCopy (gd_interpolation.c:2425)
==10583==    by 0x29D384: gdTransformAffineGetImage (gd_interpolation.c:2309)
==10583==    by 0x27E017: zif_imageaffine (gd.c:4880)
==10583==    by 0x439ADD: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:694)
==10583==    by 0x439ADD: execute_ex (zend_vm_execute.h:55507)
==10583==    by 0x44214F: zend_execute (zend_vm_execute.h:60939)
==10583==    by 0x3B842A: zend_execute_scripts (zend.c:1568)
==10583==    by 0x357F9F: php_execute_script (main.c:2639)
==10583==    by 0x44449D: do_cli (php_cli.c:997)
==10583==    by 0x1E94FC: main (php_cli.c:1389)
==10583==
resource(5) of type (gd)
==10583==
==10583== HEAP SUMMARY:
==10583==     in use at exit: 0 bytes in 0 blocks
==10583==   total heap usage: 6,999 allocs, 6,999 frees, 1,190,925 bytes allocated
==10583==
==10583== All heap blocks were freed -- no leaks are possible
==10583==
==10583== For counts of detected and suppressed errors, rerun with: -v
==10583== Use --track-origins=yes to see where uninitialised values come from
==10583== ERROR SUMMARY: 28416 errors from 26 contexts (suppressed: 0 from 0)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-01-06 08:28 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2020-01-06 08:40 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2c5860517c4a1f7ebc81ef79858aa5aff5aad76c
Log: Fix #79067: gdTransformAffineCopy() may use unitialized values
 [2020-01-06 08:40 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Thu Feb 20 08:01:24 2020 UTC