#27427 [NEW]: imageftbbox() is unstable with text containing newlines

[spam747 at mynamehere dot com]

From:             spam747 at mynamehere dot com
Operating system: Fedora Core 1
PHP version:      4.3.4
PHP Bug Type:     GD related
Bug description:  imageftbbox() is unstable with text containing newlines

Description:
------------
Calling imageftbbox() multiple times with the same arguments gives
substantially differing results if the text contains a newline.



The exact results vary between executions, so an uninitialized variable or
buffer overflow is suspected.



The results are similar whether the function is run in Apache or from the
command line.



Changing fonts or the text doesn't have an effect, so long as the text
contains a newline (\n).



Occurs using the standard Fedora Core 1 php-4.3.4-1.1 from RPM, and also
php4-STABLE-200402271630 (configure --with-gd).



P.S. the provided email address is valid as-is.

Reproduce code:
---------------
#!/usr/bin/php -q

<?php

$size=8;

$angle=0;

$font="/usr/share/fonts/bitstream-vera/Vera.ttf";

$text="foo\nfoo";

$extra=array();

for ($i=0;$i<10;$i++) {

        $box=imageftbbox($size,$angle,$font,$text,$extra);

        echo $box[1]." ".$box[3]."\n";

}

?>

Expected result:
----------------
1 1

1 1

1 1

1 1

1 1

1 1

1 1

1 1

1 1

1 1



(Perhaps not this exactly, but all the lines should be the same)

Actual result:
--------------
1 1

15 15

15 15

15 15

15 15

15 15

15 15

15 15

15 15

15 15



(On occasion, the second line may match the first, but from the third line
on things change)

-- 
Edit bug report at http://bugs.php.net/?id=27427&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=27427&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=27427&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=27427&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=27427&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=27427&r=needtrace
Need Reproduce Script:      http://bugs.php.net/fix.php?id=27427&r=needscript
Try newer version:          http://bugs.php.net/fix.php?id=27427&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=27427&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=27427&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=27427&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=27427&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=27427&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=27427&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=27427&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=27427&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=27427&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=27427&r=float