From 58b51115389d3dec147ef788fc2ed82654b59af9 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Wed, 24 Jan 2024 22:12:49 +0100 Subject: [PATCH] Fix GH-10344: imagettfbbox(): Could not find/open font UNC path libgd uses an incorrect absolute path check in gdft.c. It checks if either the path starts with a '/' (only valid on Posix btw), or whether it contains something of the form C:\ or C:/. However, this overlooks the possibility of using UNC paths on Windows. As we already do PHP-specific stuff with VCWD_ macros, use IS_ABSOLUTE_PATH to check for an absolute path which will take into account UNC paths as well. --- ext/gd/libgd/gdft.c | 12 +++++++++++- ext/gd/tests/gh10344.phpt | 28 ++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 ext/gd/tests/gh10344.phpt diff --git a/ext/gd/libgd/gdft.c b/ext/gd/libgd/gdft.c index 554a656e625c9..6876ca6f6b428 100644 --- a/ext/gd/libgd/gdft.c +++ b/ext/gd/libgd/gdft.c @@ -401,7 +401,17 @@ static void *fontFetch (char **error, void *key) #ifdef NETWARE if (*name == '/' || (name[0] != 0 && strstr(name, ":/"))) { #else - if (*name == '/' || (name[0] != 0 && name[1] == ':' && (name[2] == '/' || name[2] == '\\'))) { + /* Actual length doesn't matter, just the minimum does up to length 2. */ + unsigned int min_length = 0; + if (name[0] != '\0') { + if (name[1] != '\0') { + min_length = 2; + } else { + min_length = 1; + } + } + ZEND_IGNORE_VALUE(min_length); /* On Posix systems this may be unused */ + if (IS_ABSOLUTE_PATH(name, min_length)) { #endif snprintf(fullname, sizeof(fullname) - 1, "%s", name); if (access(fullname, R_OK) == 0) { diff --git a/ext/gd/tests/gh10344.phpt b/ext/gd/tests/gh10344.phpt new file mode 100644 index 0000000000000..829f8f9c35cde --- /dev/null +++ b/ext/gd/tests/gh10344.phpt @@ -0,0 +1,28 @@ +--TEST-- +GH-10344 (imagettfbbox(): Could not find/open font UNC path) +--EXTENSIONS-- +gd +--SKIPIF-- + +--FILE-- + +--EXPECT-- +int(8)