php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #17584 segmentation fault with imagefill and tiles
Submitted: 2002-06-03 20:06 UTC Modified: 2002-06-06 00:58 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: ryan at kaneda dot net Assigned:
Status: Closed Package: GD related
PHP Version: 4.2.1 OS: FreeBSD 4.5-STABLE
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ryan at kaneda dot net
New email:
PHP Version: OS:

 

 [2002-06-03 20:06 UTC] ryan at kaneda dot net 
<?php
$image=imageCreate(200,200);

$tile1=imageCreateFromPNG('./images/stars.png');
$tile2=imageCreateFromgif('./images/temperate_1.gif');
imageSetTile($image,$tile1);
imageFilledRectangle($image,0,0,200,200,IMG_COLOR_TILED);

$polygon=array(10,10,190,100,10,190,100,100,10,10);
imageSetTile($image,$tile2);
imageFilledPolygon($image,$polygon,5,IMG_COLOR_TILED);

imagePNG($image);
imageDestroy($image);
?>

Every time i would do an imagefill with IMG_COLOR_TILED set as the property color, Apache error reporting has this to say:
[Mon Jun 03 16:28:29 2002] [notice] child pid 10678 exit signal Segmentation fault (11)

Here are my configure options:
'./configure' '--with-apxs2=/usr/local/sbin/apxs' '--with-tsrm-pth' '--with-config-file-path=/usr/local/etc' '--enable-versioning' '--with-regex=system' '--without-gd' '--without-mysql' '--with-gd=/usr/local' '--enable-gd-native-ttf' '--with-freetype-dir=/usr/local' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--with-zlib' '--with-bz2=/usr' '--with-mysql=/usr/local' '--with-openssl=/usr' '--enable-sockets' '--enable-trans-sid' '--prefix=/usr/local' 'i386-portbld-freebsd4.5'  or, just look here: http://azazel.kaneda.net/phpinfo.php

I'd have to rebuild php to get the gdb backtrace, but I'll do it if required.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-03 20:16 UTC] sniper@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2002-06-05 14:29 UTC] ryan at kaneda dot net 
Okay, I hope this is what we're looking for:

Program received signal SIGSEGV, Segmentation fault.
0x286b9df5 in gdImageSetPixel () from /usr/local/lib/libgd.so.4
(gdb) bt
#0  0x286b9df5 in gdImageSetPixel () from /usr/local/lib/libgd.so.4
#1  0x286b9b06 in gdImageSetPixel () from /usr/local/lib/libgd.so.4
#2  0x286bb28b in gdImageFilledRectangle () from /usr/local/lib/libgd.so.4
#3  0x284049ad in ssl_expr_yytext () from /usr/local/libexec/apache2/libphp4.so
#4  0x283cb0fd in ssl_expr_yytext () from /usr/local/libexec/apache2/libphp4.so
#5  0x283da622 in ssl_expr_yytext () from /usr/local/libexec/apache2/libphp4.so
#6  0x283e822a in ssl_expr_yytext () from /usr/local/libexec/apache2/libphp4.so
#7  0x283e49b6 in ssl_expr_yytext () from /usr/local/libexec/apache2/libphp4.so
#8  0x806dbb7 in ap_pass_brigade ()
#9  0x8073f18 in default_handler ()
#10 0x80646f4 in ap_run_handler ()
#11 0x8064b85 in ap_invoke_handler ()
#12 0x8062006 in ap_process_request ()
#13 0x805e13d in ap_process_http_connection ()
#14 0x806c278 in ap_run_process_connection ()
#15 0x806c4ff in ap_process_connection ()
#16 0x80633ab in child_main ()
#17 0x8063468 in make_child ()
#18 0x806355a in startup_children ()
#19 0x806388f in ap_mpm_run ()
#20 0x80686de in main ()
#21 0x805dd8d in _start ()

---

Am I mistaken, is this a gd library error and not a php error?  The script executed was the same posted in the original report.  Let me know if there's anything else needed.
 [2002-06-05 14:38 UTC] ryan at kaneda dot net 
Oh crap... disregard that.  That's on a non debug php build.  Give me a second to redo the backtrace. 

heh.
 [2002-06-05 15:21 UTC] ryan at kaneda dot net 
okay, sorry about that.  Here's the *real* bt:

Program received signal SIGSEGV, Segmentation fault.
0x286c3df5 in gdImageSetPixel () from /usr/local/lib/libgd.so.4
(gdb) bt
#0  0x286c3df5 in gdImageSetPixel () from /usr/local/lib/libgd.so.4
#1  0x286c3b06 in gdImageSetPixel () from /usr/local/lib/libgd.so.4
#2  0x286c528b in gdImageFilledRectangle () from /usr/local/lib/libgd.so.4
#3  0x284097f2 in zif_imagefilledrectangle (ht=6, return_value=0x81a6268, this_ptr=0x0, return_value_used=0, tsrm_ls=0x812ba30)
    at gd.c:2004
#4  0x283caaa3 in execute (op_array=0x8127c28, tsrm_ls=0x812ba30) at ./zend_execute.c:1598
#5  0x283db37a in zend_execute_scripts (type=8, tsrm_ls=0x812ba30, retval=0x0, file_count=3) at zend.c:810
#6  0x283eaac2 in php_execute_script (primary_file=0xbfbff8dc, tsrm_ls=0x812ba30) at main.c:1381
#7  0x283e6ea6 in php_output_filter (f=0x818d350, bb=0x818dd48) at sapi_apache2.c:401

(gdb) frame 4
#4  0x283caaa3 in execute (op_array=0x8127c28, tsrm_ls=0x812ba30) at ./zend_execute.c:1598
1598                                                    ((zend_internal_function *) EX(function_state).function)->handler(EX(opline)->extended_value, EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr, return_value_used TSRMLS_CC);


----

Better?
 [2002-06-05 15:26 UTC] sniper@php.net 
This looks like some other bug which turned out to be a bug
in libpng (iirc). What version do you have there?
(and did you link PHP with the same libpng??)

I can't reproduce this with libpng 1.2.0 and GD 1.8.4.
 [2002-06-05 17:16 UTC] ryan at kaneda dot net 
I'm using gd 2.0.1 with libpng 1.2.0.  I'm installing all of it through FreeBSD ports, so if you may want to try reproducing there.
 [2002-06-05 19:30 UTC] sniper@php.net 
As you propably are aware, GD 2.0.1 is BETA. And the 
original author of GD hasn't updated it for a long long 
time..that's why there will be a bundled patched GD library 
in PHP 4.3.0. 

I fixed (hopefully correctly too, it works for me :) this 
segfault in the bundled GD library now.

You can grab the patched gd.c file from here to test it:

http://cvs.php.net/co.php/php4/ext/gd/libgd/gd.c?r=1.4&p=1

The patch is here: 

http://cvs.php.net/diff.php/php4/ext/gd/libgd/gd.c?r1=1.3&r2=1.4&ty=u

--Jani
 [2002-06-06 00:58 UTC] derick@php.net 
Just want to add that there is a known incompatibility between libpnh 1.2.x and libgd 2.x

Derick
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Sep 20 04:00:01 2025 UTC