php / php-src

The PHP Interpreter
https://www.php.net

Failing tests with external libgd #11252

Open orlitzky opened 1 year ago

orlitzky commented 1 year ago

Description

I was experimenting with using the system gd for our Gentoo package, and noticed a bunch of test failures:

Bug #38212 (Seg Fault on invalid imagecreatefromgd2part() parameters) [ext/gd/tests/bug38212-mb.phpt]
Bug #38212 (Seg Fault on invalid imagecreatefromgd2part() parameters) [ext/gd/tests/bug38212.phpt]
Bug #39780 (PNG image with CRC/data error raises a fatal error) [ext/gd/tests/bug39780_extern.phpt]
Bug #41442 (imagegd2() under output control) [ext/gd/tests/bug41442.phpt]
Bug #43073 (TrueType bounding box is wrong for angle<>0) [ext/gd/tests/bug43073.phpt]
Bug #45799 (imagepng() crashes on empty image). [ext/gd/tests/bug45799.phpt]
Bug #48732 (TTF Bounding box wrong for letters below baseline) [ext/gd/tests/bug48732-mb.phpt]
Bug #48732 (TTF Bounding box wrong for letters below baseline) [ext/gd/tests/bug48732.phpt]
Bug #48801 (Problem with imagettfbbox) [ext/gd/tests/bug48801-mb.phpt]
Bug #48801 (Problem with imagettfbbox) [ext/gd/tests/bug48801.phpt]
Bug #53504 imagettfbbox/imageftbbox gives incorrect values for bounding box [ext/gd/tests/bug53504.phpt]
Bug #65148 (imagerotate may alter image dimensions) [ext/gd/tests/bug65148.phpt]
Bug #66356 (Heap Overflow Vulnerability in imagecrop()) [ext/gd/tests/bug66356.phpt]
Bug #71912 (libgd: signedness vulnerability) [ext/gd/tests/bug71912-mb.phpt]
Bug #71912 (libgd: signedness vulnerability) [ext/gd/tests/bug71912.phpt]
Bug #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow [ext/gd/tests/bug72339.phpt]
Bug #73155 (imagegd2() writes wrong chunk sizes on boundaries) [ext/gd/tests/bug73155.phpt]
Bug #73157 (imagegd2() ignores 3rd param if 4 are given) [ext/gd/tests/bug73157.phpt]
Bug #73159 (imagegd2(): unrecognized formats may result in corrupted files) [ext/gd/tests/bug73159.phpt]
Bug #73161 (imagecreatefromgd2() may leak memory) [ext/gd/tests/bug73161.phpt]
Bug #73272 (imagescale() is not affected by, but affects imagesetinterpolation()) [ext/gd/tests/bug73272.phpt]
Bug 73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()) [ext/gd/tests/bug73868.phpt]
Bug #73869 (Signed Integer Overflow gd_io.c) [ext/gd/tests/bug73869.phpt]
Bug #77272 (imagescale() may return image resource on failure) [ext/gd/tests/bug77272.phpt]
Bug #77479 (imagewbmp() segfaults with very large image) [ext/gd/tests/bug77479.phpt]
Bug #77973 (Uninitialized read in gdImageCreateFromXbm) [ext/gd/tests/bug77973.phpt]
Bug #79676 (imagescale adds black border with IMG_BICUBIC) [ext/gd/tests/bug79676.phpt]
Test max colors for a gd image. [ext/gd/tests/crafted_gd2.phpt]
imagecreatefromgd2 [ext/gd/tests/createfromgd2.phpt]
imagecreatefromwbmp with invalid wbmp [ext/gd/tests/createfromwbmp2_extern.phpt]
gif --> gd1/gd2 conversion test [ext/gd/tests/gif2gd.phpt]
imagegd() writes truecolor images without palette conversion [ext/gd/tests/imagegd_truecolor.phpt]
imagegetinterpolation() and imagesetinterpolation() basic test [ext/gd/tests/imageinterpolation_basic.phpt]
Scale images and preserve aspect ratio [ext/gd/tests/imagescale_preserve_ratio.phpt]
jpeg <--> gd1/gd2 conversion test [ext/gd/tests/jpg2gd-mb.phpt]
jpeg <--> gd1/gd2 conversion test [ext/gd/tests/jpg2gd.phpt]
libgd #86 (Possible infinite loop in imagecreatefrompng) [ext/gd/tests/libgd00086_extern.phpt]
png <--> gd1/gd2 conversion test [ext/gd/tests/png2gd.phpt]
xpm --> gd1/gd2 conversion test [ext/gd/tests/xpm2gd.phpt]

These fall into a few classes, some more difficult than others.

  1. Tests using the "gd" image format. The "gd" format was removed from libgd-2.3.3 (https://github.com/libgd/libgd/blob/master/CHANGELOG.md#233---2021-09-12). I think most of these tests are obsolete and can simply be deleted.
  2. Tests where the output is slightly different. For example, bug45799.phpt is looking for "Warning: imagepng(): gd-png error: no colors in palette in %s on line %d" but gets "Warning: imagepng(): gd-png error: no colors in palette\n in %s on line %d". These tests could be made to support both outputs.
  3. Fundamental behavior changes that never made it upstream. I'm not sure how many of these there are, or how important they are, but they're obviously the hard ones to fix. Less important ones might simply be dropped; but useful ones should probably go upstream.

PHP Version

git master

Operating System

No response
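
The second class in the list above (tests that could accept both outputs), as an added example that is not from the issue author or from php-src: a simplified Python model of a few EXPECTF placeholders from run-tests.php, showing that one `%w` placeholder accepts both the bundled and the system libgd message. The sample outputs and the file path are constructed, and the `\n` in the report is assumed to be a real newline in the output.

```python
import re

# Simplified model of a subset of run-tests.php EXPECTF placeholders.
PLACEHOLDERS = {
    "%s": r"[^\r\n]+",  # one or more characters, never crossing a line end
    "%S": r"[^\r\n]*",  # same, but may be empty
    "%d": r"\d+",       # unsigned integer
    "%i": r"[+-]?\d+",  # signed integer
    "%w": r"\s*",       # optional whitespace, newlines included
    "%a": r".+",        # anything, including newlines (at least one char)
    "%A": r".*",        # anything, including newlines (may be empty)
}

def expectf_to_regex(expectf):
    """Translate an EXPECTF section into a compiled regular expression."""
    parts, i = [], 0
    while i < len(expectf):
        token = expectf[i:i + 2]
        if token in PLACEHOLDERS:
            parts.append(PLACEHOLDERS[token])
            i += 2
        else:
            parts.append(re.escape(expectf[i]))  # literal text is escaped
            i += 1
    return re.compile("".join(parts), re.DOTALL)

def matches(expectf, output):
    """True when the whole (trimmed) output satisfies the expectation."""
    return expectf_to_regex(expectf.strip()).fullmatch(output.strip()) is not None

MSG = "Warning: imagepng(): gd-png error: no colors in palette"
# Constructed sample outputs; the script path and line number are made up.
BUNDLED = MSG + " in /tmp/bug45799.php on line 4"
SYSTEM = MSG + "\n in /tmp/bug45799.php on line 4"

STRICT = MSG + " in %s on line %d"      # expectation quoted in the report
TOLERANT = MSG + "%w in %s on line %d"  # tolerates the extra newline

if __name__ == "__main__":
    for name, pattern in (("strict", STRICT), ("tolerant", TOLERANT)):
        print(name, "bundled:", matches(pattern, BUNDLED),
              "system:", matches(pattern, SYSTEM))
```

The message text stays literal in the tolerant form, so a different warning still fails the test; only the whitespace before " in" is relaxed.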

orlitzky commented 1 year ago

It looks like IMG_BICUBIC was accidentally broken (https://github.com/libgd/libgd/issues/847) so the tests involving it fail justifiably.

orlitzky commented 1 year ago

A few PRs to get started on this:

orlitzky commented 1 year ago

I've got another PR in the works fixing the rest of the ones that I know how to fix. If, in addition, I patch IMG_BICUBIC back into gd-2.3.3, then these are the remaining failures:

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
Bug #43073 (TrueType bounding box is wrong for angle<>0) [bug43073.phpt]
Bug #48732 (TTF Bounding box wrong for letters below baseline) [bug48732-mb.phpt]
Bug #48732 (TTF Bounding box wrong for letters below baseline) [bug48732.phpt]
Bug #48801 (Problem with imagettfbbox) [bug48801-mb.phpt]
Bug #48801 (Problem with imagettfbbox) [bug48801.phpt]
Bug #53504 imagettfbbox/imageftbbox gives incorrect values for bounding box [bug53504.phpt]
Bug #65148 (imagerotate may alter image dimensions) [bug65148.phpt]
Bug #73272 (imagescale() is not affected by, but affects imagesetinterpolation()) [bug73272.phpt]
=====================================================================

Here's my best guess as to what's happening.

Fail due to changes made in https://svn.php.net/viewvc/?view=revision&revision=286415 that never went upstream:

Unsure. The bug was fixed in https://github.com/php/php-src/pull/1845 and it looks like the changes should have gone upstream, but the test still reports different sizes:

This one segfaults(?):

And finally, this fails because of a minor size difference (expected 135x136, got 137x137), and is probably due to the same imagerotate/boxing issues elsewhere:

@pierrejoye your input would be helpful on the difference between the bundled and upstream results, or anywhere really :)

orlitzky commented 1 year ago

And here's the last PR: https://github.com/php/php-src/pull/11280

orlitzky commented 3 months ago

IIRC the only remaining failures are the six mentioned in https://github.com/php/php-src/issues/11252#issuecomment-1555302644 whose causes are so far unknown.

Should I leave this open, or close it and open a new issue with the more limited scope of fixing those six?