We back-port https://github.com/libgd/libgd/commit/dd48286 even though
we cannot come up with a regression test, because the erroneous
condition appears to be impossible to trigger.
We also parenthesize the inner ternary operation to avoid confusion.
We have to make sure to avoid alpha-blending issues by explicitly
switching to `gdEffectReplace` and to restore the old value afterwards.
This is a port of <https://github.com/libgd/libgd/commit/a7a7ece>.
Crafted BMP images can cause dynamicSeek() to be called with a negative
position which must not be allowed, since dynamicSeek() works like
fseek() in SEEK_SET mode. We solve this by bailing out if `pos` is
negative, and let the image reading fail gracefully.
PHP contained two different off-by-one errors, which are fixed here. First,
it created a buffer of size HOST_NAME_MAX, not adding space for a null
terminator. Second, it subtracted 1 from the size of that buffer when passing
its size to gethostname(), despite gethostname() expecting it to be a buffer
size including space for a terminating null byte, not a string length.
The WDDX specification[1] requires to serialize floats with a decimal
point, but `snprintf()` is locale-dependent and may use a decimal
comma. We fix that afterwards by replacing an eventual comma with a
point.
[1] <http://xml.coverpages.org/wddx0090-dtd-19980928.txt>
Directly fail unserialization when trying to acquire an r/R
reference to an UNDEF HT slot. Previously this left an UNDEF and
later deleted the index/key from the HT.
What actually caused the issue here is a combination of two
factors: First, the key deletion was performed using the hash API,
rather than the symtable API, such that the element was not actually
removed if it used an integral string key. Second, a subsequent
deletion operation, while collecting trailing UNDEF ranges, would
mark the element as available for reuse (leaving a corrupted HT
state with nNumOfElemnts > nNumUsed).
Fix this by failing early and dropping the deletion code.