php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #18238 Apache segfaults on Ming code
Submitted: 2002-07-09 06:25 UTC Modified: 2002-07-09 09:23 UTC
From: twan at bitpress dot nl Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 4.2.1 OS: Debian/GNU Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: twan at bitpress dot nl
New email:
PHP Version: OS:

 

 [2002-07-09 06:25 UTC] twan at bitpress dot nl 
L.S.,

In a futile attempt to make a clickable image in a Flash movie, I encountered something I think should not happen at all. While I may be unexperienced using Ming and am probably doing something wrong in my efforts, a segmentation fault I think is not appropriate :)

[Tue Jul  9 11:45:18 2002] [notice] child pid 6277 exit signal Segmentation fault (11)

I am running Apache 1.3.26-1, PHP 4.2.1-3 and Ming 0.2a.cvs20020110-3 on a Debian/GNU Linux system. Each time the following script is executed, the Apache childe crashes with a segmentation fault:

<?php

$filename = "result.jpg";

$fp = fopen($filename,"r");
$i = fread($fp,999999);
$img = new SWFBitmap($i); #don't give "fread(...)" as argument, but buffer it.
fclose($fp);

$s = new SWFShape();
#$s->setRightFill($s->addFill(0xff, 0, 0));
#$s->drawLine(100,0);
#$s->drawLine(0,100);
#$s->drawLine(-100,0);
#$s->drawLine(0,-100);
$s->setLeftFill($s->addFill($img));

$b = new SWFButton();
$b->addShape($s, SWFBUTTON_HIT | SWFBUTTON_UP | SWFBUTTON_DOWN | SWFBUTTON_OVER);

$b->addAction(new SWFAction("startDrag('/test', 0);"), // '0' means don't lock to mouse
        SWFBUTTON_MOUSEDOWN);

$b->addAction(new SWFAction("stopDrag();"),
        SWFBUTTON_MOUSEUP | SWFBUTTON_MOUSEUPOUTSIDE);

$p = new SWFSprite();
$p->add($b);
$p->nextFrame();

$swf = new SWFMovie();
$swf->setDimension(504, 501);

$i = $swf->add($p);
$i->setName('test');
$i->moveTo(100,100);

$swf->nextframe();
$swf->add($img);  #this will create a shape with perfect proportions and fills it

header('Content-type: application/x-shockwave-flash');
$swf->output();

?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-09 06:27 UTC] derick@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2002-07-09 08:56 UTC] derick@php.net 
Reproduced with backtrace which shows the bug is clearly in the ming library:

Program received signal SIGSEGV, Segmentation fault.
0x40187014 in SWFInput_buffer_getChar (input=0x830a468) at input.c:165
165 return ((unsigned char *)input->data)[input->offset++];
(gdb) bt
#0  0x40187014 in SWFInput_buffer_getChar (input=0x830a468) at input.c:165
#1  0x40186b98 in SWFInput_getChar (input=0x830a468) at input.c:16
#2  0x401875eb in methodWriteJpegFile (input=0x830a468,
    method=0x814cd5c <phpByteOutputMethod>, data=0x0) at jpeg.c:89
#3  0x40187805 in writeSWFJpegBitmapToMethod (block=0x83905d0,
    method=0x814cd5c <phpByteOutputMethod>, data=0x0) at jpeg.c:181
#4  0x401844e9 in writeSWFBlockToMethod (block=0x83905d0,
    method=0x814cd5c <phpByteOutputMethod>, data=0x0) at block.c:87
#5  0x40172af8 in SWFBlockList_writeBlocksToMethod (list=0x8392010,
    method=0x814cd5c <phpByteOutputMethod>, data=0x0) at blocklist.c:78
#6  0x40171f12 in SWFMovie_output (movie=0x8391ff0,
    method=0x814cd5c <phpByteOutputMethod>, data=0x0) at movie.c:262
#7  0x0814cdae in zif_swfmovie_output (ht=0, return_value=0x83903e4,
    this_ptr=0x8391754, return_value_used=0)
    at /dat/dev/php/php-4.3.0dev/ext/ming/ming.c:1430
#8  0x080e1a8f in execute (op_array=0x838fb0c)
    at /dat/dev/php/php-4.3.0dev/Zend/zend_execute.c:1587
#9  0x407696e8 in xdebug_execute () from /dat/dev/php/xdebug/modules/xdebug.so
#10 0x080d2532 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /dat/dev/php/php-4.3.0dev/Zend/zend.c:810
#11 0x080ac1ae in php_execute_script (primary_file=0xbffff680)
    at /dat/dev/php/php-4.3.0dev/main/main.c:1388
#12 0x080e63b6 in apache_php_module_main (r=0x83894f4, display_source_mode=0)
---Type <return> to continue, or q <return> to quit---
    at /dat/dev/php/php-4.3.0dev/sapi/apache/sapi_apache.c:55
#13 0x0809d89c in send_php ()
#14 0x0809d8f5 in send_parsed_php ()
#15 0x0822b15f in ap_invoke_handler ()
#16 0x0823fd27 in process_request_internal ()
#17 0x0823fd88 in ap_process_request ()
#18 0x08236d31 in child_main ()
#19 0x08236edc in make_child ()
#20 0x08237050 in startup_children ()
#21 0x082376cc in standalone_main ()
#22 0x08237f3b in main ()
#23 0x4055d306 in __libc_start_main (main=0x8237b8c <main>, argc=2,
    ubp_av=0xbffffab4, init=0x807a28c <_init>, fini=0x824e660 <_fini>,
    rtld_fini=0x4000d2dc <_dl_fini>, stack_end=0xbffffaac)
    at ../sysdeps/generic/libc-start.c:129
(gdb)
(gdb) print input
$1 = 0x830a468
(gdb) print *input
$2 = {destroy = 0x40186de8 <SWFInput_dtor>,
  getChar = 0x40186ff0 <SWFInput_buffer_getChar>,
  seek = 0x4018703c <SWFInput_buffer_seek>,
  eof = 0x40187020 <SWFInput_buffer_eof>, offset = 0, length = 127684,
  data = 0x4079702c}
(gdb) print input.data
$3 = (void *) 0x4079702c
(gdb)
 [2002-07-09 09:23 UTC] derick@php.net 
Not a bug in PHP -> bogus
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 03 08:01:34 2025 UTC