From 003502ae5b66b47ac85136302de793bbea5adccf Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sun, 5 Oct 2025 13:58:47 +0100 Subject: [PATCH] Fix GH-20070: Return type violation in imagefilter when an invalid filter is provided --- NEWS | 2 ++ ext/gd/gd.c | 6 ++++-- .../tests/imagefilter_invalid_filter_error.phpt | 16 ++++++++++++++++ 3 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 ext/gd/tests/imagefilter_invalid_filter_error.phpt diff --git a/NEWS b/NEWS index 2789d02634c91..adf1e2cb808c3 100644 --- a/NEWS +++ b/NEWS @@ -30,6 +30,8 @@ PHP NEWS - GD: . Fixed GH-19955 (imagefttext() memory leak). (David Carlier) + . Fixed GH-20070 (ext/gd: Return type violation in imagefilter when an + invalid filter is provided). (Girgias) - MySQLnd: . Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress diff --git a/ext/gd/gd.c b/ext/gd/gd.c index 44e468410629e..2c3fce862eaea 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -3404,9 +3404,11 @@ PHP_FUNCTION(imagefilter) RETURN_THROWS(); } - if (filtertype >= 0 && filtertype <= IMAGE_FILTER_MAX) { - filters[filtertype](INTERNAL_FUNCTION_PARAM_PASSTHRU); + if (UNEXPECTED(filtertype < 0 || filtertype > IMAGE_FILTER_MAX)) { + zend_argument_value_error(2, "must be one of the IMG_FILTER_* filter constants"); + RETURN_THROWS(); } + filters[filtertype](INTERNAL_FUNCTION_PARAM_PASSTHRU); } /* }}} */ diff --git a/ext/gd/tests/imagefilter_invalid_filter_error.phpt b/ext/gd/tests/imagefilter_invalid_filter_error.phpt new file mode 100644 index 0000000000000..f543e4a69f5d1 --- /dev/null +++ b/ext/gd/tests/imagefilter_invalid_filter_error.phpt @@ -0,0 +1,16 @@ +--TEST-- +GH-20070: Testing wrong parameter passing in imagefilter() of GD library +--EXTENSIONS-- +gd +--FILE-- +getMessage(), "\n"; +} +?> +--EXPECT-- +ValueError: imagefilter(): Argument #2 ($filter) must be one of the IMG_FILTER_* filter constants