Skip to content

ext/standard/image.c: Fix unsafe integer conversion #18661

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

ext/standard/image.c: Fix unsafe integer conversion #18661

wants to merge 1 commit into from
+10 −0

Conversation

@andr3y-k0v4l3v
Copy link
Contributor

  • Add checks for image dimensions (width/height/bits/channels) against ZEND_LONG_MAX.
  • Prevent sign-bit override when converting unsigned int to zend_long on 32-bit platforms.
  • Ensure consistent behavior across architectures for getimagesize() results.

Reported-by: Dmitriy Fedin [email protected]

@andr3y-k0v4l3v andr3y-k0v4l3v requested a review from bukka as a code owner May 26, 2025 12:18
@andr3y-k0v4l3v andr3y-k0v4l3v force-pushed the fix-unsafe-conversion-ext-standard-image branch 2 times, most recently from 2295fa9 to 0b1fae9 Compare May 26, 2025 14:47
SakiTakamachi
SakiTakamachi reviewed May 28, 2025
View reviewed changes
ext/standard/image.c
Comment on lines +1524 to +1530
if (result &&
result->width <= INT32_MAX &&
result->height <= INT32_MAX &&
result->bits <= INT32_MAX &&
result->channels <= INT32_MAX)
{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can check whether it's a 32-bit build and use conditional compilation accordingly.

Suggested change
if (result &&
result->width <= INT32_MAX &&
result->height <= INT32_MAX &&
result->bits <= INT32_MAX &&
result->channels <= INT32_MAX)
{
#if SIZEOF_ZEND_LONG == 4
if (result &&
result->width <= INT32_MAX &&
result->height <= INT32_MAX &&
result->bits <= INT32_MAX &&
result->channels <= INT32_MAX)
{
#else
if (result) {
#endif

ext/standard/image.c: Fix unsafe integer conversion
3f92617 
- Add checks for image dimensions (width/height/bits/channels) against
INT32_MAX.
- Prevent sign-bit override when converting unsigned int to zend_long on 32-bit
platforms.
- Ensure consistent behavior across architectures for getimagesize() results.

Reported-by: Dmitriy Fedin <[email protected]>
Signed-off-by: Andrey Kovalev <[email protected]>
@andr3y-k0v4l3v andr3y-k0v4l3v force-pushed the fix-unsafe-conversion-ext-standard-image branch from 0b1fae9 to 3f92617 Compare June 2, 2025 07:37
@nielsdos
Copy link
Member

nielsdos commented Jun 2, 2025

Why not just update the format string?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SakiTakamachi SakiTakamachi SakiTakamachi left review comments

@bukka bukka Awaiting requested review from bukka bukka is a code owner

Assignees

No one assigned

Labels

Extension: standard

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@andr3y-k0v4l3v @nielsdos @SakiTakamachi