PHP :: Bug #19704 :: ImageTrueColorToPalette() kills PHP

Bug #19704

ImageTrueColorToPalette() kills PHP

Submitted:

2002-10-01 22:15 UTC

Modified:

2002-10-06 12:24 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

sprice at wisc dot edu

Assigned:

Status:

Closed

Package:

GD related

PHP Version:

4CVS-2002-10-02

OS:

Darwin 6 (Mac OS 10.2)

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	sprice at wisc dot edu
New email:
PHP Version:		OS:

New Comment:

[2002-10-01 22:15 UTC] sprice at wisc dot edu

This code creates the same error as described here:
http://bugs.php.net/bug.php?id=19700
the two may be related.

If the "ImageTrueColorToPalette" line is commented out this works fine.

<?php
header( "Content-type: image/png" );

$img = ImageCreateTrueColor( 800, 600 );

ImageTrueColorToPalette( $img, 'TRUE', 256 );

ImagePNG( $img );
ImageDestroy( $img );
?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-10-02 08:09 UTC] iliaa@php.net

'kills php'? Does this mean PHP crashes, if so, please provide a backtrace of the crash. Otherwise, please provide more information about this 'killing of php'.

Note: The test script works fine on both Linux & Windows running latest CVS.

[2002-10-02 09:21 UTC] sprice at wisc dot edu

"Kills PHP" means the same error as in the other bug.

here is what I see from top:
(1 sec)
 1482 httpd       27.4%  0:10.96   1     8   164  3.77M- 13.1M+ 6.34M  38.2M+
(1 sec)
 1514 c++filt3     0.0%  0:00.01   1     9    14    48K   396K   268K 
1.37M 
 1513 crashdump  102.5%  0:01.35   2    15   405  25.2M+ 21.1M+ 33.2M+ 59.7M+
 1482 httpd        0.0%  0:10.96   1     8   164  3.77M  13.1M+ 6.34M  38.2M 
(1 sec)
 1514 c++filt3     0.0%  0:00.01   1     9    14    48K   396K   268K  1.37M 
 1513 crashdump   99.8%  0:02.40   2    15   405  25.2M  21.1M  33.2M 
59.7M 
 1512 top          4.7%  0:00.42   1    15    18   208K   376K   488K  13.8M 
 1482 httpd        0.0%  0:10.96   1     8   164  3.77M  13.1M  6.34M  38.2M 

I got a core, I don't know if it is of much help tho:
#0  0x90004c88 in __sfvwrite ()
#1  0x90005b24 in fwrite ()
#2  0x007ec104 in ?? ()
#3  0x007eb4f8 in ?? ()
#4  0x007ec8f4 in ?? ()
#5  0x009ba278 in ?? ()
#6  0x009c3888 in ?? ()
#7  0x009afdc4 in ?? ()
#8  0x009aff94 in ?? ()
#9  0x007ee058 in ?? ()
#10 0x007ed72c in ?? ()
#11 0x007f54fc in ?? ()
#12 0x007d00b4 in ?? ()
#13 0x009a42a4 in ?? ()
#14 0x0098bc58 in ?? ()
#15 0x009420c8 in ?? ()
#16 0x009aa04c in ?? ()
#17 0x009ab278 in ?? ()
#18 0x009ab2f8 in ?? ()
#19 0x0000c4b4 in ap_invoke_handler ()
#20 0x000160b4 in process_request_internal ()
#21 0x00016144 in ap_process_request ()
#22 0x00005b48 in child_main ()
#23 0x00005d08 in make_child ()
#24 0x00005e74 in startup_children ()
#25 0x00006470 in standalone_main ()
#26 0x00006ce8 in main ()
#27 0x00001bb0 in _start ()
#28 0x00001a30 in start ()

This is the first time that I have got a core dump, so I am not sure that I did everything right. (just tell me :-)

[2002-10-02 10:31 UTC] sniper@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2002-10-02 10:41 UTC] sprice at wisc dot edu

Ahhh... Much better this time.

Program received signal EXC_BAD_ACCESS, Could not access memory.
0x90004c88 in __sfvwrite ()
(gdb) bt
#0  0x90004c88 in __sfvwrite ()
#1  0x90005b24 in fwrite ()
#2  0x007ec104 in filePutbuf (ctx=0x5cdfd0, buf=0xbfffc430, size=8) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_io_file.c:93
#3  0x007eb4f8 in gdPutBuf (buf=0xbfffc430, size=8, ctx=0x5cdfd0) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_io.c:150
#4  0x007ec8f4 in gdPngWriteData (png_ptr=0x6fcfa0, data=0xbfffc430 "\211PNG\r\n\032\n", length=8) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_png.c:89
#5  0x009ba278 in png_write_data ()
#6  0x009c3888 in png_write_sig ()
#7  0x009afdc4 in png_write_info_before_PLTE ()
#8  0x009aff94 in png_write_info ()
#9  0x007ee058 in gdImagePngCtx (im=0x6b9d90, outfile=0x5cdfd0) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_png.c:655
#10 0x007ed72c in gdImagePng (im=0x6b9d90, outFile=0x0) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_png.c:424
#11 0x007f54fc in gdImageTrueColorToPalette (im=0x1a1d00, dither=1, colorsWanted=256) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_topal.c:1574
#12 0x007d00b4 in zif_imagetruecolortopalette (ht=3, return_value=0x1a01e8, this_ptr=0x0, return_value_used=0) at /usr/local/php-cvs/php4-200210020600/ext/gd/gd.c:645
#13 0x009a42a4 in execute (op_array=0x19f3c8) at /usr/local/php-cvs/php4-200210020600/Zend/zend_execute.c:1597
#14 0x0098bc58 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/php-cvs/php4-200210020600/Zend/zend.c:834
#15 0x009420c8 in php_execute_script (primary_file=0xbfffec80) at /usr/local/php-cvs/php4-200210020600/main/main.c:1545
#16 0x009aa04c in apache_php_module_main (r=0x192d58, display_source_mode=0) at /usr/local/php-cvs/php4-200210020600/sapi/apache/sapi_apache.c:55
#17 0x009ab278 in send_php (r=0x192d58, display_source_mode=0, filename=0x194900 "/Library/WebServer/Documents/riverdata/scripts/test2.php") at /usr/local/php-cvs/php4-200210020600/sapi/apache/mod_php4.c:564
#18 0x009ab2f8 in send_parsed_php (r=0x192d58) at /usr/local/php-cvs/php4-200210020600/sapi/apache/mod_php4.c:579
#19 0x0000c4b4 in ap_invoke_handler ()
#20 0x000160b4 in process_request_internal ()
#21 0x00016144 in ap_process_request ()
#22 0x00005b48 in child_main ()
#23 0x00005d08 in make_child ()
#24 0x00005e74 in startup_children ()
#25 0x00006470 in standalone_main ()
#26 0x00006ce8 in main ()
#27 0x00001bb0 in _start ()
#28 0x00001a30 in start ()

[2002-10-02 10:42 UTC] rasmus@php.net

Which version of libpng?

[2002-10-02 10:58 UTC] sprice at wisc dot edu

PNG v1.2.4

[2002-10-02 11:00 UTC] sprice at wisc dot edu

I am getting lines in the error log now (i wasn't in PHP v4.2.3)

It seems to be stuck in some sort of loop:

[Wed Oct  2 10:53:02 2002] [notice] child pid 25019 exit signal Bus error (10)
[Wed Oct  2 10:53:03 2002] [notice] child pid 25018 exit signal Bus error (10)

[2002-10-02 11:11 UTC] rasmus@php.net

But was 4.2.3 compiled against the same version of libpng?  There are known issues with libpng 1.2.x.  The 1.0.x versions don't have these problems.

[2002-10-02 12:15 UTC] sprice at wisc dot edu

Yep, I haven't changed versions of libpng. Everything has been compiled against v1.2.4. Should I downgrade to v1.0.x?

[2002-10-02 12:26 UTC] rasmus@php.net

Just to give us another datapoint it would be interesting to see if the crash is the same with libpng-1.0.x

[2002-10-02 13:11 UTC] sprice at wisc dot edu

I have tried libpng v1.0.14 using both "--with-gd=/usr/local" and "--with-gd=php" and I recompiled GD with the old version of libpng. I wish you guys would included the version of png in phpinfo() so I know that I grabbed the correct version of libpng.

Anyway, the error remains the same as ever.

[2002-10-04 17:45 UTC] ndsantos at nuxworks dot net

I encounter the same error in Linux but not in Windows. 

The problem occurs when the script is run through a browser but works fine when run from the command line.

[2002-10-05 01:45 UTC] iliaa@php.net

Can you try the latest libpng (libpng 1.2.5). The problem seems to be particular to Mac OS, since *something* causes the filePutbuf() function inside the gd library to get an incorect size of data to write, resulting in a bug you are seeing. 
For the record, I am unable to replicate this bug on Linux.

[2002-10-05 10:03 UTC] sprice at wisc dot edu

Tried it, still doesn't work. I wish you guys would make the libpng version show up in phpinfo() so I could be sure I compiled everything right. If everything worked as advertised, I compiled libpng v1.2.5rc3. I configured with "--with-gd=/usr/local" and "--with-gd=php"

[2002-10-05 21:27 UTC] sprice at wisc dot edu

I tried both libpng v1.0.15 and v1.2.5. Same problem.

[2002-10-06 02:29 UTC] rasmus@php.net

I think I fixed this in CVS - please test.  It doesn't crash on my box so I can't really test it.  It was one of these super-intelligent fixes.  I couldn't figure out what the code that was crashing was doing, so I just removed it.  You can see the patch here:


http://news.php.net/article.php?group=php.cvs&article=14592

[2002-10-06 12:24 UTC] sprice at wisc dot edu

I grabbed the cvs snapshot, tested it nice and good, and it seems to work great. You did good. I did uncover another bug in ImageTrueColorToPalette(), but it seems like a different bug so I am going to report it as such. It is bug #19781.
( http://bugs.php.net/bug.php?id=19781 )

<girlfriend>
*hugs* for all!  Thanks for all your great help you gave my boyfriend!  You guys are great!
</girlfriend>

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon May 12 06:01:28 2025 UTC