- load glyph with FT_LOAD_IGNORE_TRANSFORM for bbox as final bbox is rotated at once later (fixes "double-rotation" per glyph for calculating bbox)
- reload the rotated glyph for painting after that (only if angle != 0)
- rotate the original bbox at 0,0 and do not throw away xMin/yMin (drawing-rotation is also based at "origin" point - including the bearingX, see http://www.freetype.org/freetype2/docs/glyphs/glyphs-3.html#section-3) - this fixes the "left-shift"-problem also when angle = 0
- removed "xb/yb" and use "x/y" directly for offsetting brect (no need for adding "x1/y1" and substracting "yd" later)
- removed therefore unused "yd" helper var which seems tried to fix parts of the original problems
- initialize x/y with 0 instead of -1 in php_imagettftext_common() to make image*text() and image*bbox() results identical (there was a -1px shift in image*bbox() before)
- fixed gdroundupdown() for negative numbers (-256 / 64 gives -5 instead of -4 before)
- rotate kerning-delta by given angle (fixes completely wrong kerning and therefore wrong bounding box if angle != 0)
- changed 3 tests and added a new one to test for the new (better) coordinates
The stack overflow is caused by the recursive algorithm in combination with a
very large negative coordinate passed to gdImageFillToBorder(). As there is
already a clipping for large positive coordinates to the width and height of
the image, it seems to be consequent to clip to zero also.
Contrary to imagefilledrectangle(), imagerectangle() has the documented
limitation that the given points have to be the upper left and the lower right
corner, respectively. However, libgd already caters to upper right / lower left
pairs, and not catering to the other two combinations seems to be an oversight.
The code in the bundled libgd uses libvpx and writes the riff manually. The
code generates the correct even size, but neglects the padding. It's possible
older versions of libwebp would decode this, but libwebp 0.4.0 does not.
Let's apply the patch supplied by one of the WebP developers.
Contrary to the external libgd, the bundled libgd doesn't use optimized
rotation algorithms for negative square angles. We fix that now.
There are other improvements in gdImageRotateInterpolated() in the external
libgd. I'll leave them out for now, in the hope that we'll be able to rejoin
the two libraries rather soon.
imagescale(..., IMG_BICUBIC) is not supposed to work with palette images, so we
fix that by converting to true color if necessary. Basically the same fix has
already been applied to the external libgd[1].
[1] <723ea520be>
To avoid drawing the corner pixels twice, gdImageRectangle() draws the vertical
lines 2 points shorter than the actual side of the rectangle. However, this
causes "whiskers" for rectangles with height 0. This patch fixes this issue and
at the same time optimizes the algorithm by drawing only a single line for zero
height and zero width rectangles.
Actually, this is not really a bug fix, but rather a simplification and
optimization in the same vein as has been done with the external libgd, but
going a small step further and joining both for loops.
From upstream d41eb72cd4
Fix build with latest libvpx 1.4.0
These new constants exist at least since 1.0.0
Compatibility ones have been droped in 1.4.0
strtok() is not thread safe, so this will potentially break in
very bad ways if used in ZTS mode.
I'm not sure why gd_strtok_r() exists since it seems to do the
same thing as strtok_r(), but I'll assume it's a portability
decision and do as the Romans do.
Upstream 463c3bd09b
Notice: this fix don't manage monochrome/monovisual values
but just fix the security issue CVE-2014-2497
failing when trying to load such an image
This amends commit 8f4a537, which aimed to correct NULL dereference because of
missing check of gdImageCreateTrueColor() / gdImageCreate() return value. That
commit checks for negative crop rectangle width and height, but
gdImageCreate*() can also return NULL when width * height overflows. Hence
NULL deref is still possible, as gdImageSaveAlpha() and gdImagePaletteCopy()
is called before dst == NULL check.
This moves NULL check to happen right after gdImageCreate*(). It also removes
width and height check before gdImageCreate*(), as the same check is done by
image create functions (with an extra warning).
From thoger redhat com
Summary:
This caused issues when you picked a font with multiple maps, it wouldn't
pick the unicode version but instead pick the last one it saw. Change so
we cache on a per encoding level. There was even a todo list item in the code.
In an ideal world we can probably iterate through at font write time.
Test Plan:
See said unit test, it's Apache Licensed font included