Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:112368
Return-Path: <nikita.ppv@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 87815 invoked from network); 2 Dec 2020 10:29:39 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 2 Dec 2020 10:29:39 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 67E151804C0
	for <internals@lists.php.net>; Wed,  2 Dec 2020 01:57:18 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <nikita.ppv@gmail.com>
Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed,  2 Dec 2020 01:57:18 -0800 (PST)
Received: by mail-lf1-f41.google.com with SMTP id r24so3465219lfm.8
        for <internals@lists.php.net>; Wed, 02 Dec 2020 01:57:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=Uc87N440GhkdP10V4BY5oLu+qNAeGTw/6vPSFYBKEi0=;
        b=Niq34bHj2RpwcRt/2i3DBLARIb2PfYHrObXwSP7yGM/CjSzSQ6rpYTc3Iif/ByB/lV
         mveGmPiuBurdZKKSOcZCDqX8IZOJDt3Pa55aNTp7cFEE/mTXng31nexzuNqkZPcDnKr4
         FKw+ofn71+RzGLBr611bv9WX48NuWVrtZy5y1cLopzMoblngfPcGDevMCV/hsT2l01lK
         owrUOFTkWeU5nzVHNNakMPs/5zGKWzmO11XwTo+QmHTxlY23zQLpT3aL3+QDu13I6J0x
         uNRe0Y4YyOcVsm090GObuFu35YcDKILh9k8ObLXQ1LmYH9cNUXMIlhtGQUrB5gSv+Id4
         9w3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=Uc87N440GhkdP10V4BY5oLu+qNAeGTw/6vPSFYBKEi0=;
        b=G1EC6Zdi+vdG1KoC0JYLGv/4JMvzI+5ZahpnWS1eYZ3+LpwOL9ZRT/mCyagmWsZ2NP
         tnYiZG1dqKCJxaayqnGWwuReZQarWG2DiXuaoFDLPbLd88fGJHpHTRrUxs16bm9SJa5D
         XVuv7u+YWwgmG0AhFMnkbs2Fs3Rh3BDOXnUxTpk4Dce4HC8CYXyWTmX1zwjtpWOeV6cW
         0/PVxh7cLCfqsg181KsNrqnSOHfcEmXu+NlBPZr6C5uv/MAWdXjBQaMD4jGlnDzmgr+U
         S64jX9wWgPL+7gDYOO2azQvLJZXcAePmNTl3nXo+jPaRlxo4AnTQNa1I6acxdNm7HxZA
         4PVw==
X-Gm-Message-State: AOAM5314abH7vcP71r/kjeJLvMeCxaU+GGX0Fb553H73Ol9NDDh+tgeK
	BeSKBEM45tFszz6/IeA6/kB1BFRYxaivCZ2ao9nyUn/w8bKboQ==
X-Google-Smtp-Source: ABdhPJyLyzDWa/0IIgGV9LC/iRbS92Vcbm4zbGYPIWZASa/y85wCyt7u1ZZ4sgVMuDNK17mJb7bDPIvO9vD0Py3r9no=
X-Received: by 2002:ac2:5f56:: with SMTP id 22mr946793lfz.439.1606903035052;
 Wed, 02 Dec 2020 01:57:15 -0800 (PST)
MIME-Version: 1.0
References: <b845d5bf-63da-d564-1f0f-cc934188d693@aimeos.com>
 <b546b5bf-27f8-62cc-cc4b-d859132998a4@gmx.de> <bd444642-6a18-d41a-858d-f7273e3ac1ad@aimeos.com>
In-Reply-To: <bd444642-6a18-d41a-858d-f7273e3ac1ad@aimeos.com>
Date: Wed, 2 Dec 2020 10:56:59 +0100
Message-ID: <CAF+90c_r1TY1oTuu2Y9pC3YitYiBniqkg-Hs_qKCxqXAUtbToQ@mail.gmail.com>
To: "Aimeos | Norbert Sendetzky" <norbert@aimeos.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="00000000000097c89805b5784426"
Subject: Re: [PHP-DEV] Re: PHP 8 is_file/is_dir and imagecreatefromstring()
From: nikita.ppv@gmail.com (Nikita Popov)

--00000000000097c89805b5784426
Content-Type: text/plain; charset="UTF-8"

On Wed, Dec 2, 2020 at 10:21 AM Aimeos | Norbert Sendetzky <
norbert@aimeos.com> wrote:

> Am 01.12.20 um 18:24 schrieb Christoph M. Becker:
> > On 01.12.2020 at 18:18, Aimeos | Norbert Sendetzky wrote:
> >
> >> PHP 8 is stricter in checking input data then PHP 7. This is good but
> >> has some side effects for is_file(), is_dir() and similar functions when
> >> invalid paths are passed for checking.
> >>
> >> In PHP 7, this returns FALSE:
> >>
> >> php -r 'var_dump(is_file("ab\0c"));'
> >>
> >> In PHP 8, the same code throws a ValueException. Problem is now that
> >> it's not possible to check upfront if the passed argument is a valid
> >> path to avoid the exception being thrown.
> >
> > This is only about the NUL byte in the filename.  You can easily check
> > for that yourself. :)
>
> If it's the only check that would throw a ValueException, then yes -
> even if I think that is_file() should only return true/false to avoid
> blown up code for checks that should be done by is_file().
>
> Now have a look at GD imagecreatefromstring() which has almost the same
> issue. If you use:
>
> php -r 'var_dump(imagecreatefromstring('some data'));'
>
> you will get in PHP 7:
>
> PHP Warning:  imagecreatefromstring(): Empty string or invalid image in
> Command line code on line 1
> PHP Stack trace:
> PHP   1. {main}() Command line code:0
> PHP   2. imagecreatefromstring() Command line code:1
> Command line code:1:
> bool(false)
>
> and in PHP 8:
>
> PHP Fatal error:  Uncaught ValueError: imagecreatefromstring(): Argument
> #1 ($data) cannot be empty in Command line code:1
> Stack trace:
> #0 Command line code(1): imagecreatefromstring()
> #1 {main}
>   thrown in Command line code on line 1
>
> How would you check the string upfront to be a valid image to avoid the
> ValueException there?
>
> Also, the error in PHP 8 is wrong because the string isn't empty but not
> a valid image or not supported by GD.
>

This was an implementation error, fixed in
https://github.com/php/php-src/commit/a89aaf6c386679492e814cfbb5790142e29692fe.
Thanks for the report!

Nikita

--00000000000097c89805b5784426--