From 1e464e5b55f81b7fb9476a55f481fe1d2a25d6d9 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Tue, 9 Jan 2024 20:40:22 +0000
Subject: [PATCH] ext/gd: Fix GH-13082

Issue occur when compiling with recent clang releases (> 13) and
 with the '-Os' optimisation level, after using
`imageloadfont` which returns a proper GdFont class leads to
 a subtle bug when attempting to use via the imagefont* function.
---
 NEWS                      |   4 ++++
 ext/gd/gd.c               |   8 ++++----
 ext/gd/tests/gh13082.gdf  | Bin 0 -> 53776 bytes
 ext/gd/tests/gh13082.phpt |  16 ++++++++++++++++
 4 files changed, 24 insertions(+), 4 deletions(-)
 create mode 100644 ext/gd/tests/gh13082.gdf
 create mode 100644 ext/gd/tests/gh13082.phpt

diff --git a/NEWS b/NEWS
index f218cc9a6df..b723d6e14d2 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,10 @@ PHP                                                                        NEWS
     (Jakub Zelenka)
   . Fixed bug GH-12905 (FFI::new interacts badly with observers). (nielsdos)
 
+- GD:
+  . Fixed GH-13082 undefined behavior with GdFont instances handling with
+    imageload* and imagechar*. (David Carlier)
+
 - Intl:
   . Fixed GH-12943 (IntlDateFormatter::__construct accepts 'C' as valid locale).
     (David Carlier)
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index 1d8b3a0a1d4..c86a663c5b7 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -2681,8 +2681,8 @@ static gdFontPtr php_find_gd_font(zend_object *font_obj, zend_long font_int)
  */
 static void php_imagefontsize(INTERNAL_FUNCTION_PARAMETERS, int arg)
 {
-	zend_object *font_obj;
-	zend_long font_int;
+	zend_object *font_obj = NULL;
+	zend_long font_int = 0;
 	gdFontPtr font;
 
 	ZEND_PARSE_PARAMETERS_START(1, 1)
@@ -2750,8 +2750,8 @@ static void php_imagechar(INTERNAL_FUNCTION_PARAMETERS, int mode)
 	int ch = 0, col, x, y, i, l = 0;
 	unsigned char *str = NULL;
 	zend_object *font_obj;
-	zend_long font_int;
-	gdFontPtr font;
+	zend_long font_int = 0;
+	gdFontPtr font = NULL;
 
 	ZEND_PARSE_PARAMETERS_START(6, 6)
 		Z_PARAM_OBJECT_OF_CLASS(IM, gd_image_ce)
diff --git a/ext/gd/tests/gh13082.gdf b/ext/gd/tests/gh13082.gdf
new file mode 100644
index 0000000000000000000000000000000000000000..44669f3d12b92f2ef2144700e374b8f2d529c587
GIT binary patch
literal 53776
zcmeHMU6wPst($qzV-}G8uPRH42oNGvF4?Ld+udKL&U6W)ND!dPlR5YP_piVH`cM1&
zSNr>S`}^mq3H<%{cW`wb(M->nb$S={YH<ah7VzQ1V;=wRPfSTqNZ#jB22Zt{=g)ZV
z8wxdm&*U^14r1v}98)oJC?#umHl2qxdwkU^I^qG5K@wkn2ct;#Fg+q?%(SBOkR7RD
zuX`|iT%E40<=3gBi%w$Q$Ccx?jzKegBdh^mmbayBu>c_j)%%J|uXVmF*g1bTHkUcs
z(EAehTW5B8G`>wv|M3j;&o{+;2O70q(=&3FI*Y#?q9qKoDz>Z0)btJ!tG}gxe>S0g
zT80DW0U<UK!aqYFI>~Ho9AEYMs@{9O!m<*1j-$t`+HKA&UBC7G;2h$U&|^@cPp`aH
zc6Iz|9lx)iU!LPnII({AJ>3e2-}eVR#mARz0_FxQHyO$ZQzJ`d=P-I&gY1(3wlhJu
zk3hPExNz&QF+fALt+?mkg`=-JIIjNJkZ}^CnOerCx>qN~A|i}(q>P-sN{LnzXBNg}
zRn0Zto#8TYPRAm)Ue<RCdpfzqvh`H^C`dLgEKHs)OYvPpU1o0{e9<j=(U>@bB}dAc
z%J}$3DUOA*8Xb~<5m)wE<Qhg?jHQn=h`c!M`JSo?;oJ{KEY4Vq4n?Fzy1^>HjDj^u
z(15st5)^TZHk?(A_ga8>A&wkulppJeL8OAH%wvPq>JlO&8#orJbhUjuuIMS)T?S9F
ztzq@Py3!?BWEg5{=28~xh$|<ifhULzH<*!aZG;)~9Iq7-Gw*s+9N5n3<P20Rd)Svo
z&8bD&iQ;?E3j-_nd#h`3d{mLwIzGzt?tItg_-J3RUBG_Vo_@4#%eQi4Jqi7T9lqYP
zn-hj^D`_*x2kJYXHBfd;)bT9;{c*e7dvB)Mllqg;zdKP~UO9Ep=mOeC3VAO&RWqGh
z;s^(&<vV!AF<(8$@x0>5$y2{Drk=6#FKYI%V%v2;Un)Un8)io!kh&}3`f7|uk5;@5
z^kiecLkK-l)ic~u@ko7ap5@ceHs`ua@k)*9X-7GO6>XVAo)}OfP~5?DmsfWTETPmK
zq4a`N%pmn6a0d<!G|^%jG&y#^=k4^uyrZ;q;@i_4=!H5LFl>(+xVy)xbf|--8T-K1
zWeu0MVm!}74bD`0t{^dP`PV#FXYoX2#GZ2=SLIbibzm`}4MqryymKbiPjMzbiwCjp
z+A(7|L^Hf1p*>_RT>Mv%G?yM}AnSUZ%9!u?D9?WW6^~=BPtdXMqx!2(Gm8EF*fls-
z_j}g+bw8hl`o-E@adffJVjkb`ckGMVq5UX<Iw-2^i@Qy!DHG*e>^Vbi-#qln6W5m1
zmltu$iwM6LuL~A(Ez);(6<4eyu5T>*V&wUz4&>uVwZ3Y8BPUfV??}#Bf7`k>J@Afs
z&^u=X-;FT!w{6Gxh_#PR$Jj6rrCAfYD(4Z$`8^NB$WY%vV6<J-6M6BR%SSO=QbE#j
zL*{$lPA?qYt6|48FRcuN>Egr_3X=z7uV4_|^6D~6G<4R?rIWtc^axfi*XWmXAZ#<q
zfdzHM@Mts6jNQ+_x9n;a657+Y)o+3`Cz)6znz&z_lPn35BX;pKZPqvH?|G;bT!d(u
zBC(`~(2hU#%^YsCc4rfzO=|Iw6T@Xr^7L^Jm1Mv27Jc^3Eg9uAc0U1M@u^z*pkGEm
zk3V_8S3Hh7>$9CtEIy!|wZXOTM|X5(Rrk5V(()=t=f~Il8O0<FvU9NA_lQjzgZUB9
z@6j&FAXKMF8o;JO7($QYT+xtZmzR}ZkU0p=NM1&Y2xDE3LCjAFSK{KhvW7@LFx0U)
zO<y~!=#6kQkCf0F2vuM8Kfj7I7)D&2-tYaGDz<t`&3n-3tKX)+>TKGyRr?z@MfNT<
z-f7L2{YE>b;eGMvdP>1D1Xfw<n+94;ZydX^V=ey4e#ZoGS39rP%dd)em;#<{-l6e#
zapo`~T7xYIo7uGk<!t`<MbnRU#3~qTtHm{>Ucs`4sfYQgt!i7Kcn;#Mbxz{w^}Q$c
z<iFaasI6U+!POb|TK^vE<EZ1i(7MLweh=O$=Al_ZgXl3nZSHb;hKCwZX>uBj5Ejjj
z-YZFn@#>wm3@8b^+*ImKND3RBH8+TRP&3Q6IJGgyas8g-Y`=CbuKu50=>@t4+toG*
z8L`OII<DFv;uCa^=~CQ0v>Y5)C9@yjR^N4!rE<rd;*^?Dn>j7iF=DE{8ZR~1ku(L9
z<9+6EsT0RzZRH$|2dAnXtLODq?7`%C#_Ty?!hIs4xQ~BDy=4#S&*MDBJNpGz>xKmb
zFd4&i>^Vbi->|Tk&*pzDZh9cDs=d+YaOhDt$EE9&h+3$JYACKnavQgE|KBG)dM|m5
zm~i}l@<w1jare#Ko^vW59N&5961`=(ZD2H)<9_jP98wr3=#uz5UZsGJB<-gAg|m^9
zyYQ+RuHyUVBSjFAo4nZ6C2g^;VcaisMXxKzzSN5^A}hEmPa>LNtM=}40*KP!lBlYj
zn-KTMS2(02LA%G0<MKHWMY6y&>qK=%snR}1E4u`@Jw>)3ry}M!9)0fDKFcv%jaC}Q
zii&;;NlC2tVcG+qU+~**czs%H9-*JN!~(rBrE(`W7?X%_EZk?>10M#G66-2f?tImy
zHZum<L0vv<G~1~=wc{Rm9e5K;bT3g64=kJqR+|hNVQQ6U=?53}j`cpw?-zW{DW5Rq
zm?qVehn9oms$}-{w-nH?cH(XO>o7^nZIO!n+KL9GU@zgK^_IIh3YG4-#p+-c8$rNM
ztOgfXC;Z9yqD_?h{D5tkN4?|cCQ)`TM|fO=YZL9sm9Fq^tc@gJu|Xiga2CC+@MP=n
zmNj4bgl9cJ51*eBZwU3cy=0o;Hi6#CAioEmJWoMUreG0EY=k*#HFCmAiPO@e+$U?J
zQGP&e5Ys^~@2Bl#6-VB=Kk7jrgT>Zm9RX#L<4liO62GQf^&U*?-p!=JVtB1<lOdM2
zrddQFNxE{p=yDvBFSxQ-@uYWfp2o>q{1Mo=^es*^r7%kJ^?*^{ay#uD^C}+SE42?f
zDI}MsB2Z}_v3ne`sST($aMLZRq@Su)b{YESRc1|5wt(v6>@J*rRu|I~P%8HQ&PaO|
z=D@6oU5i5lIVdgFX;W&{r$xpbq%c2WFN$bxR-^{8@*VHgMrM0ppNQMmZJRAMMJ)qy
z0urVe1j$a}G_KsW^@tR>!wX__+xocNr<*lR@60m4PnE{yPyIrmncj!3{+&*)al5ux
zIL_-2|3yW|8j$8ubBL2J&|r_f3s^7H5HL>&v564=8T?UMW@EF0-{t2A@^WnWZ<hFp
z?EbCD=1oK<5yvcyJMsGwMgs3``UYp7KH_Nk<)@kG3U=`RsU@C-F%o}*MpQHG`Jcp1
zkJJL@#&AL$tl+R34_pxDI4XSAp(HmRbsFJt1(xmULoNT^dsWxF>W@3HiiHWiOZR(u
z4|%jHJoz|Eu#s;+8c(ucx_1~_RQ`GNM9v_gI!xt^R9?`r*IK%T4IcIiM$&?YTn5RQ
zjV+rOq1Ik7RCF6Z0~|MC6=u@lPqzCrhF&Ucn2X<!RoKi8et7(?Gn$7d$K~-)LUc&S
zj{hW&?xlNdLC2o+HH>S3s?yee9`*}4i<7yVKFfpA^tpvF)BMS~^|p46KC0JvGm_xJ
zc+#R{8Ac4u$VKMD%ac!I(}0;nKAWHBgr73-qj-+`J(_=`cb{OB!ENfn2C+QQc^oX@
zpi!dZCtqt3gFl<BV2C~Pf=Lzt&Uz*1f(G~K_-FV%GMoRK+`M%7bvzq@=X?^+^c;@o
zFPw&ZHGcpM){mi~`2W7cXS`IqhO4$Q@UaGJEza0G*7@oh4KjD^75Z`V_-1~uOPPuq
zBS+Bb6SSpj9a8}79ar6r2oh3<W4g&kP(kcDSMX8(qn2rD@7->*`2ioNYbJY_OvtPr
zp4^z-o-Qm(9AkTcXOmx*Yv{E8HTu_c*yx|>S!}nHW_Oo!M$)Via+1bMX(WrVyuf*>
z&Q#)dnvdFISLrVhbDzIoQ2esv7*C&n-((1j#uuyo5%zbU1cS0VZX-E_L9yW>Lr}MW
zhQAm%W4PxKz<%h-(+*=>PlQp_LcrQ!>v_bUGh#|0%`P7Jy|%h!3N<jL^jO+^AqS!%
zmZOl;L}@Zx*v>-Nt9NG^c%E;HH_-Bv6HHm$RWXHf@3=DlLAaJaIL#9S{n~K4oD$cx
zv}h>8qT7tsFt`1kJh31P%LC419kOS%X%Q?@8yiFzB+dchh&WHNAui3RAuDa50b4{k
zGO;Em<DdS9W139!v1xGktpQm9;V*i_TIxN7b3Xc_Y;tWZHGreIDh)m9WmyX_h?M4v
zBUUGQ;Yb_{tX9zLHn_T>SMS_Q-wsMa{+g?!88g3|f}ZYi{UCVQc_Kv?4R(q*f@(Zy
zGZhBS?HeWiOln@xx8HFY&_K|kX2wJ9xO&WR!nWXPxf_T`h7-4b*)p;XW1Fu#v7`lO
z;il$0Pm|Ca&u~xp2kcH@HaCkKjC<du;m4OpmgD)3XZb7f#?wVO-WT?!Xf&1z!-(a<
zT{wom*UOzDrT6s$&w3+fZ@ptOshP{dCd8?J7aP+{I4}j<`6s6eg7;x_p0kRE4c14N
zo;W4NV=Y|yffOeb4B+MQiYD^IcVS5j{*BIVCgfQEBaoaqIPhzT4{q6C;T0{O<9MUD
zYgdlE!dBN4r`f#$VdgSE;>riFYC)Pj8(h)XNc|(z@vPEwCb;~?t%zs`#$hJ#w7v15
z#-KR1Yq7VJ`NqpED;ngH^+J#*d7crbMv2OZ+cBPq>)Gb)*Sf9)SnXTMK6I`jqi?7a
zc@082*f5WbkcFp?-J@gA*~g3?dPjpSV6SA3MF)AFCl%eV1tD4aj%%w)KH_$a2U9X!
z{UmW)I|y6b7)67v8_KYhF{jFm2!*yhqD*WM<Vl`qgsD-YGU9fO=ly=izNIHk>@KQl
zhoLfaq?l103Fbzrv5uIvj5{XvV}8Yn4!xs67C5te8Toqp@ANyGu^lIkKn^`HAhTjn
zX+B_Kq#*~#mD70=R9VlN)gtcsz-V&Ii;6%+n9}hrRA0#GRx`Z>q>aPzs7pg!Ohe8*
zKT7Mc4@*oS%Xzj@k=mx7+>Vt_Ibx=>tz)r2<5B0x(NlHDkg3{-olc!1ZNxog7@^Vi
z{K!--@p|pHZ&fa%Xr0Ma!3|<M=w#Bl?b|6@<{THlc!GGI-`n>2Z2MNm8d5Lvutu>x
z2I<`P^_n^UzTa`W!>GqiH(#3dRqAN&QyF8oWBK#G#lDKH^FB19d0#6XW_3?|-q*yf
zz#z)Jfiq${FrFa?8y$9<D74CZ@Vu}3udSg*iX6|X=Y7QzmG|R$-<i@wankda5@SOn
zEmEeQ;4ZS|IPL>^QmY*G>h;M)ZHG)DIa;DE7P4pLkunoeFk<GCj3>fzLL5pv#zy<t
zbc{_(h$U-6?H0qqp;s{UXTGr%Dr<oN@eoD^HX@1j8iusqAX-r@5MgvZ{76+R+=s?!
zy$Df}O0b9`)@%4JenWNo38)QwnbF4_rlTOsuylr>>bGA*Q!2l7@n|;^DyMHUgykpu
zooU-K`lsCQ+}eSYac<-9E<PXrV*2M0%&}1i!<K^tX7NoTm1z~pp|!UTB~i(~4g){-
z<^PF;y$!eIh#_v69C-#l;0P<<a6%SQ5EFp|`hNi;8^Ix*5iP@%<{R-OY4_6N@52+n
ztz$fLaD27eeb^~=9P9h>Tm0InFt(f<dv&7;-tUo(IM4h2&h&46YCp?=PyBwrHO+LC
z!ejBjIMu%Js3$TIiB%9mMpYMUJehnMgJAKs*0b~z(M*{u?GY2FVHAwD+=Wc#U&V`-
zEe#sDPjT2lPz%K7%sWd_>-Zd7R^^mT=LXV;dhG6!gJ;7=>C@GkHD7!xx$S+^uyXJ{
zXj9@MUp2&)<F&<l1c@0sdZ9&oYzk5i&P`h8w@6h2E9dimqjSmX8^m-_VrMAz<2bPu
zch)%ny5IikG$m3-Q8Ras@!#S%hYbUcA00i9{1(4)x9}Nu0@$X*=T>q0d;Bh#Sx8C0
z7?I;v>Qn64ayrauYs@_t9Ln;|g08ov?CWXK-qB!vMUdZ9Hu0)$2l+(qh<mj)FxZa?
zhLibbQ}wu|2E<KHgAu|a@>rGfh>JOE8BhUsxvA8HNJ?7SK3w3V1|*uc1|x(;)Uhh%
z5m&3MWk3bk<)%`PpeW9K@^C|)>qJ&d2-f7rqBf5nt3Wx?H)~T)=3wWT$Lnu)7wK@p
z>m)6c8c>pQVqy(O2#dV1V<ic>l3o-b9wqq(_~=V2lE})36N~S|5Tp~wAyx4!n1;#Z
zxVV>)iy4%So7Y_K(eV|JUh5tmzgD)%FvqU5U5eeyre<e5)V58f+=Jbt<LYw_HI-ec
z;~DF3@w>SSyBGIc6D8`S=%1X$1>+OR#8_0bjwuFp#tByJXS076x9$zPz9ZkW<U}Xo
zPz$XHb&OcXFXLy<cF)uphx5&D?GU8Pr0JUmB7{Zkv995&4F){c0PxgH-Jz^AShUCH
z;6V<`TQo|rh%eSPT(vj)4WVfxpf>C^_qRQ<T0#&d9hT1gZNGioO;HNu1!xXiZ+m;1
z#0lXK^&7JGCco$DS?ss?edb~ROw)-|$9vhjYED(Vz08U^r{l`_Hj3{)@3$bNwrGgM
zk`OcEA?FpCW!Psy7HP3j;YUYe<Q{TQ5m_?dyy8?Pw5N*em_*=~-<$@wuT;&>rM8{#
z!&zaEt1Q<0@LT-Gs8Y92jf3olUI0=2biXs5FYG-W&v>rI-*UfAyHri#gTHM+46)va
z*Zry|9Prb$kJaE-c<!yf>yM*(JUCfQ_EBrqGV9@;)nje!#L2aIuEm3QkGr}&M_zj$
V9%sf`&~f1h-#H^@h#__@^M3-gGN}Ln

literal 0
HcmV?d00001

diff --git a/ext/gd/tests/gh13082.phpt b/ext/gd/tests/gh13082.phpt
new file mode 100644
index 00000000000..7434d699bee
--- /dev/null
+++ b/ext/gd/tests/gh13082.phpt
@@ -0,0 +1,16 @@
+--TEST--
+GH-13082 - imagefontwidth/height unexpectedly throwing an exception on a valid GdFont object.
+--EXTENSIONS--
+gd
+--FILE--
+<?php
+    $font = imageloadfont(__DIR__ . "/gh13082.gdf");
+    if ($font === false) die("imageloadfont failed");
+    if (!($font instanceof GdFont)) die("invalid gd font");
+
+    var_dump(imagefontwidth($font));
+    var_dump(imagefontheight($font));
+?>
+--EXPECT--
+int(12)
+int(20)