The behavior of imagecropauto($im, IMG_CROP_DEFAULT) is rather different
for the bundled and an external libgd, see
<https://github.com/libgd/libgd/issues/298>.
Therefore we split the test for now.
This test case fails with external libgd, because libgd < 2.2.4 converts
palette images to truecolor (<https://github.com/libgd/libgd/issues/297>).
However, even if there happens no truecolor conversion, it is not guaranteed
that the palette indexes of the original and the cropped image are identical
(this is, for instance, not the case with current libgd master where the bug
has been fixed). Therefore we check for the expected RGBA value instead of
the palette index.
The bundled GD test suites makes heavy use of md5() to verify the result
of drawing operations. This leads to fragile tests (even a slight change
in a PNG header would cause failure, and of course there is the
possibility of collisions), and even worse, eventual test failures are
rather unrevealing.
Therefore we replace all md5() verification with a simplistic
test_image_equals_file(), which is basically a simplified port of libgd's
gdTestImageCompareToFile(), adapted to the needs of PHPTs.
In the long run better tests helpers should be introduced (see also
<http://news.php.net/php.internals/94081>), but for now this solution
is preferable over the former.
(cherry picked from commit 24f9e96792)
The test succeeds with libxml < 2.9.4, and is supposed to succeed with
libxml > 2.9.4. Unfortunately, we can't conditionally mark a test case
as XFAIL, so we're simply skipping the test for libxml 2.9.4 instead.
...from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE
The remainer of the fix would require the filter functions to only
convert to string when it makes sense for that particular filter.
(cherry picked from commit 432dc527ad)
The PHP core and extensions are written with the assumption that memory
allocation either succeeds, or the allocator bails out (i.e. the allocator
is infallible). Therefore the result of emalloc() and friends are not checked
for NULL values.
However, with USE_ZEND_ALLOC=0, malloc() and friends are used as allocators,
but these are fallible, i.e. they return NULL instead of bailing out if they
fail. This easily leads to invalid memory accesses in the following, such as
in <https://bugs.php.net/73032>. Some of these cases may constitute
exploitable vulnerabilities.
Therefore we make the infallible __zend_alloc() and friends the default for
USE_ZEND_ALLOC=0.
`command_length` is retrieved via strlen() and later passed to emalloc()
and memcpy(), so the appropriate type is `size_t`.
We don't add a regression test, because that would need to allocate a string
of at least 2 GiB.
ACCEL_LOG_ERROR is special and causes a zend_bailout() and the code
never gets to call kill() in the next line after the logging. Change
the log level to WARNING.
While it is possible to force the same behavior by setting the internal
option (?J), having a dedicated modifier appears to be useful. After all,
J is even listed on the "Pattern Modifiers" man page[1], but the description
referrs to (?J).
[1] <http://php.net/manual/en/reference.pcre.pattern.modifiers.php>
gdImageTrueColorToPalette() is sometimes wasteful by putting multiple white
color entries into the palette. This is caused by an obvious typo, where
to avoid a division by zero when `total` is zero, `count` is checked instead
of `total`.
We fix this issue to improve the quality of the color quantization.
Cf. <https://github.com/libgd/libgd/commit/24b4550f>
When ran from a root directory the test case failed, because the open_basedir
restriction for "../[…]" won't kick in. Therefore we change the current
working directory to the test case's directory, as discussed on internals,
see <http://news.php.net/php.internals/95585>.