|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2007-10-28 20:42 UTC] carlosp at ravenna dot com
Description: ------------ Filling an image with a pattern causes httpd segmentation fault. It is reproducible, but it does depend on the image dimensions. Version 5.2.3 works fine, so something changed as of 5.2.4, and still fails in 5.2.5RC1. Reproduce code: --------------- $im = ImageCreate( 200, 100 ); $black = ImageColorAllocate( $im, 0, 0, 0 ); $im_tile = ImageCreateFromGif( "transback.gif" ); ImageSetTile( $im, $im_tile ); ImageFill( $im, 0, 0, IMG_COLOR_TILED ); header( "Content-type: image/gif" ); ImageGif( $im ); ImageDestroy( $im ); Expected result: ---------------- A 200x100 image filled with the specified pattern. BTW, the pattern itself is unremarkable, it fails with several different files I've tried. transback.gif above is a 64x64 from http://www.blueknot.com/CSS/TRANSBACK.gif If you change the image dimensions to 100x100, it will work. 101x100 does not! I've also made it fail using gdImageFilledRectangle and particular rectangle dimensions to fill, but was unable to find a correlation. So the code above is the simplest example of the failure. Actual result: -------------- Safari reports the server suddenly dropped connection. Running httpd -X yields "Segmentation fault" when I execute the above script. Even though I followed the instructions to the letter and tried both httpd -X and through gdb, I am unable to produce a core dump or backtrace...sorry. (The gdb method fails immediately upon startup with "gdb in realloc(): error: pointer to wrong page" but I believe that is unrelated because 5.2.3 also gives me that error when I attempt to run it through gdb), My server is a practically fresh FreeBSD 6.2 install, and I'm using the bundled GD library. This is my configuration command: ./configure --with-mysql --with-mysqli --with- apxs=/usr/local/apache/bin/apxs --with-gd --with-zlib --with-png- dir=/usr/local --with-jpeg-dir=/usr/local --enable-debug PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Fri Dec 05 02:00:01 2025 UTC |
[Switching to Thread -1208927680 (LWP 19371)] 0x0814d151 in php_gd__gdImageFillTiled (im=0xa3efeec, x=0, y=16843101, nc=2) at /usr/local/src/php5.2-200710150630/ext/gd/libgd/gd.c:2083 2083 for (x=x1; x>=0 && (!pts[y + x*wx2] && gdImageGetPixel(im,x,y)==oc); x--) { (gdb) bt full #0 0x0814d151 in php_gd__gdImageFillTiled (im=0xa3efeec, x=0, y=16843101, nc=2) at /usr/local/src/php5.2-200710150630/ext/gd/libgd/gd.c:2083 l = 102 x1 = 0 x2 = 99 dy = 1 oc = 0 tiled = 1 wx2 = 200 wy2 = 100 stack = (struct seg *) 0xa4080d4 sp = (struct seg *) 0xa408294 pts = 0xa403284 '\001' <repeats 13 times> #1 0x0814ca2e in php_gd_gdImageFill (im=0xa3efeec, x=0, y=0, nc=-5) at /usr/local/src/php5.2-200710150630/ext/gd/libgd/gd.c:1972 l = 0 x1 = 84 x2 = 84 dy = 20 oc = 171900652 wx2 = -1076818088 wy2 = 9 alphablending_bak = 0 stack = (struct seg *) 0x0 sp = (struct seg *) 0x4 #2 0x08141f69 in zif_imagefill (ht=4, return_value=0xa3fd9d0, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0, tsrm_ls=0xa254050) at /usr/local/src/php5.2-200710150630/ext/gd/gd.c:3612 IM = (zval **) 0xa3e2ea8 x = (zval **) 0xa3e2eac y = (zval **) 0xa3e2eb0 col = (zval **) 0xa3e2eb4 im = (gdImagePtr) 0xa3efeec From a build last week that I had, I can't reproduce on 2.1.0 here.