Bug #58211 Segfault under 64bit OS
Submitted: 2008-06-03 02:40 UTC Modified: 2016-07-25 15:57 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: alan at fromorbit dot com Assigned: cmb (profile)
Status: Closed Package: ps (PECL)
PHP Version: Irrelevant OS: FreeBSD 7.0p1 64bit
Private report: No CVE-ID: None
 [2008-06-03 02:40 UTC] alan at fromorbit dot com
Description:
------------
Hi all,

I found a bug in this extension. It will cause php to crash with a segfault. I've tracked it down to the imageid in ps_place_image(). zend_parse_parameters() was loading a long into an int. I've made a patch to fix this.

--- ps.c.orig   2007-11-27 20:40:14.000000000 +1100
+++ ps.c        2008-06-03 02:07:28.000000000 +1000
@@ -1302,7 +1302,7 @@
        zval *zps;
        char *type, *filename, *image, *stringparam = NULL;
        int type_len, filename_len, stringparam_len;
-       int imageid, intparam = 0;
+       long imageid;
+       intparam = 0;
        PSDoc *ps;

        if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rss|sl", &zps, &type, &type_len, &filename, &filename_len, &stringparam, &stringparam_len, &intparam)) {
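Review bot: the replacement for "int imageid, intparam = 0;" leaves "intparam = 0;" on its own line with no type, so intparam is no longer declared, and the statement now sits ahead of the "PSDoc *ps;" declaration. intparam is also the variable passed for the l in "rss|sl" on the zend_parse_parameters() line below, so it has the same width problem this patch fixes for imageid. Suggest "long imageid;" and "long intparam = 0;". Note that imageid is not among the arguments of the parse call shown here.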
@@ -1333,7 +1333,7 @@
 {
        zval **arg1, **arg2;
        int i, j, color, count;
-       int imageid;
+       long imageid;
        gdImagePtr im;
        unsigned char *buffer, *ptr;
        PSDoc *ps;
@@ -1399,7 +1399,7 @@
 PHP_FUNCTION(ps_close_image)
 {
        zval *zps;
-       int imageid;
+       long imageid;
        PSDoc *ps;

        if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rl", &zps, &imageid)) {
@@ -1408,7 +1408,7 @@

        PSDOC_FROM_ZVAL(ps, &zps);

-       PS_close_image(ps, imageid);
+       PS_close_image(ps, (int) imageid);
 }
 /* }}} */

@@ -1417,7 +1417,7 @@
 PHP_FUNCTION(ps_place_image)
 {
        zval *zps;
-       int imageid;
+       long imageid;
        double x, y, scale;
        PSDoc *ps;

@@ -1427,7 +1427,7 @@

        PSDOC_FROM_ZVAL(ps, &zps);

-       PS_place_image(ps, imageid, (float) x, (float) y, (float) scale);
+       PS_place_image(ps, (int) imageid, (float) x, (float) y, (float) scale);

        RETURN_TRUE;
 }
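Review bot: the (int) imageid cast in the PS_place_image() call narrows silently. Where long is wider than int, a script-supplied id outside the int range is truncated and can end up naming a different image. Check the range before the call (imageid < INT_MIN || imageid > INT_MAX) and fail the function for values that do not fit. The same applies to the casts added in ps_close_image() and ps_add_thumbnail().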
@@ -1778,7 +1778,7 @@
        zval **arg1, **arg2, **arg3, **arg4, **arg5, **arg6, **arg7;
        PSDoc *ps;
        char *image;
-       int imageid;
+       long imageid;

        if (ZEND_NUM_ARGS() != 7 || zend_get_parameters_ex(7, &arg1, &arg2, &arg3, &arg4, &arg5, &arg6, &arg7) == FAILURE) {
                WRONG_PARAM_COUNT;
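Review bot: nothing in this hunk shows imageid being written through a pointer to long. The arguments here arrive as zval ** via zend_get_parameters_ex(), not through an l specifier. Please point to the assignment or call that needs the wider type, or drop the change. The same question applies to the hunk at -1333, which also takes zval **arg1, **arg2.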
@@ -1819,7 +1819,7 @@
        char *type, *params, *source, *data;
        int type_len, params_len, source_len, data_len;
        int length, width, height, components, bpc;
-       int imageid;
+       long imageid;
        char *image;
        PSDoc *ps;

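Review bot: only imageid is widened here, while "int length, width, height, components, bpc;" on the line above stays int. If any of those is filled through an l specifier in this function's parse call (not visible in the hunk), it needs to become long as well, with a checked narrowing where it is passed on as int.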
@@ -2039,7 +2039,7 @@
  * Add an existing image as thumbnail for the current page. */
 PHP_FUNCTION(ps_add_thumbnail) {
        zval *zps;
-       int imageid;
+       long imageid;
        PSDoc *ps;

        if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rl", &zps, &imageid)) {
@@ -2048,7 +2048,7 @@

        PSDOC_FROM_ZVAL(ps, &zps);

-       PS_add_thumbnail(ps, imageid);
+       PS_add_thumbnail(ps, (int) imageid);

        RETURN_TRUE;
 } /* }}} */





Patches

php-ps-64bit.patch (last revision 2012-07-13 06:51 UTC by ttkaminski at gmail dot com)
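An added illustration (not code from ps.c or from either patch) of the width mismatch the report describes, and of a long declaration with a range-checked narrowing. The names struct locals, store_long, neighbour_clobbered and parse_imageid are hypothetical; the struct is a constructed stand-in for a function's local variables so the overwrite stays well-defined.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a function's locals: imageid followed by
 * another variable. */
struct locals {
    int imageid;
    int neighbour;
};

/* Hypothetical stand-in for an "l"-style parser: it always stores
 * sizeof(long) bytes at dest, whatever the caller actually declared. */
static void store_long(void *dest, long value) {
    memcpy(dest, &value, sizeof value);
}

/* Buggy pattern: int-sized storage handed to the long writer.
 * Returns 1 if the adjacent variable was overwritten. */
int neighbour_clobbered(void) {
    struct locals f = { 0, 0x5A5A5A5A };
    store_long(&f, -1L); /* &f is also the address of f.imageid */
    return f.neighbour != 0x5A5A5A5A;
}

/* Fixed pattern: long storage, then a checked narrowing before an int API.
 * Returns 0 and sets *out on success, -1 if the value does not fit. */
int parse_imageid(long supplied, int *out) {
    long imageid = 0;
    store_long(&imageid, supplied);
    if (imageid < INT_MIN || imageid > INT_MAX)
        return -1;
    *out = (int) imageid;
    return 0;
}

int main(void) {
    int id = 0;
    printf("sizeof(int)=%zu sizeof(long)=%zu\n", sizeof(int), sizeof(long));
    printf("neighbour clobbered: %d\n", neighbour_clobbered());
    printf("parse 42: %d\n", parse_imageid(42L, &id));
    printf("parse LONG_MAX: %d\n", parse_imageid(LONG_MAX, &id));
    return 0;
}
```

On platforms where long and int have the same size the overwrite does not occur, which matches the report's observation that the crash shows up on a 64-bit OS.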

 [2012-07-13 06:50 UTC] ttkaminski at gmail dot com
Your patch is only a partial fix.  I was having trouble with the ps_setfont() 
function.  I ended up going through the entire ps.c code and identifying all 
arguments that should be parsed as long.  Patch against 1.3.6 included.
 [2012-11-29 20:16 UTC] clint at ubuntu dot com
This was also found on Ubuntu, in the latest dev release and Ubuntu 12.10.

https://bugs.launchpad.net/ubuntu/+source/php-ps/+bug/1024207
 [2016-07-25 15:57 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2016-07-25 15:57 UTC] cmb@php.net
This is supposed to have been fixed as of ps-1.3.7.
 