From 3d18a57a9fd68d7a461bb012386a8feb4338c20d Mon Sep 17 00:00:00 2001
From: Oliver Bartsch <bo@cedev.de>
Date: Thu, 21 Mar 2024 14:02:58 +0100
Subject: [PATCH] [BUGFIX] Prevent undefined array index in GifBuilder
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Unset non matching key arrays and additionally
secure the array access with a corresponding
check.

Resolves: #102241
Releases: main, 12.4
Change-Id: If034faf04f52f6e8882dd0b610fa5dfdf9ec2298
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/83559
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
---
 typo3/sysext/frontend/Classes/Imaging/GifBuilder.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/typo3/sysext/frontend/Classes/Imaging/GifBuilder.php b/typo3/sysext/frontend/Classes/Imaging/GifBuilder.php
index 8c72dcbe4751..a8871e5d1562 100644
--- a/typo3/sysext/frontend/Classes/Imaging/GifBuilder.php
+++ b/typo3/sysext/frontend/Classes/Imaging/GifBuilder.php
@@ -246,8 +246,10 @@ class GifBuilder
         }
         // Checking TEXT and IMAGE objects for files. If any errors the objects are cleared.
         // The Bounding Box for the objects is stored in an array
-        foreach ($sKeyArray as $theKey) {
-            $theValue = $this->setup[$theKey];
+        foreach ($sKeyArray as $index => $theKey) {
+            if (!($theValue = $this->setup[$theKey] ?? false)) {
+                continue;
+            }
             if ((int)$theKey && ($conf = $this->setup[$theKey . '.'] ?? [])) {
                 // Swipes through TEXT and IMAGE-objects
                 switch ($theValue) {
@@ -306,6 +308,7 @@ class GifBuilder
                 }
                 // Checks if disabled is set
                 if (($conf['if.'] ?? false) && !$this->cObj->checkIf($conf['if.'])) {
+                    unset($sKeyArray[$index]);
                     unset($this->setup[$theKey]);
                     unset($this->setup[$theKey . '.']);
                     unset($this->objBB[$theKey]);
@@ -319,7 +322,9 @@ class GifBuilder
         $this->setup['workArea'] = (string)$this->cObj->stdWrapValue('workArea', $this->setup);
         $this->setup['workArea'] = $this->calcOffset($this->setup['workArea']);
         foreach ($sKeyArray as $theKey) {
-            $theValue = $this->setup[$theKey];
+            if (!($theValue = $this->setup[$theKey] ?? false)) {
+                continue;
+            }
             if ((int)$theKey && ($this->setup[$theKey . '.'] ?? false)) {
                 switch ($theValue) {
                     case 'TEXT':
-- 
GitLab