Bug #24316 imagepng() crashes apache2
Submitted: 2003-06-24 08:56 UTC
Modified: 2003-07-04 02:10 UTC
From: joerg@php.net
Assigned:
Status: No Feedback
Package: GD related
PHP Version: 4.3.3RC1
OS: IRIX64 indigo2 6.5 04091957 IP28
Private report: No
CVE-ID: None

 [2003-06-24 08:56 UTC] joerg@php.net
Description:
------------
Apache2 produces a core when using the imagepng() function that would return the image directly to the browser.

That won't happen when testing the same script with the php cli version.

First I thought that I could avoid this by saving the image to disk, but that produces only 0-byte files.

The whole box got a fresh install of everything and a plain php was built.

'./configure' \
'--with-zlib-dir=/usr/local' \
'--with-zlib' \
'--with-apxs2filter=/usr/local/apache2/bin/apxs' \
'--with-config-file-path=/etc' \
'--with-mysql=/usr/local/mysql' \
'--with-pear' \
'--with-gd' \
'--with-jpeg-dir=/usr/local' \
'--with-png-dir=/usr/local' \
'--with-ttf=/usr/local' \
'--enable-debug'


ldd /usr/local/apache2/modules/libphp4.so
        libmysqlclient.so.13  =>  /usr/local/mysql/lib/mysql/libmysqlclient.so.13
        libttf.so.3  =>  /usr/local/lib/libttf.so.3
        libpng.so.3  =>  /usr/local/lib/libpng.so.3
        libz.so  =>      /usr/local/lib/libz.so
        libjpeg.so  =>   /usr/local/lib/libjpeg.so
        libm.so  =>      /usr/lib32/libm.so
        libc.so.1  =>    /usr/lib32/libc.so.1
        libcrypt.so  =>  /usr/lib32/libcrypt.so
        libgen.so  =>    /usr/lib32/libgen.so
        libnsl.so  =>    /usr/lib32/libnsl.so




Reproduce code:
---------------
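<?php
// Minimal reproducer: create a palette image and stream it as PNG.
$format = 'png';
$im = ImageCreate (250, 100) or die ("Cannot create GD-Stream");
// The first allocated color becomes the image background.
ImageColorAllocate ($im, 120, 255, 255);
header('Content-type: image/'.$format);
// With no filename argument, ImagePNG() writes the image to the output stream.
ImagePNG ($im);
?>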

Expected result:
----------------
Something like

\211PNG^M
^Z
^MIHDR?d^A^C\225N?M^CPLTEx??C?^V?^ZIDATx\234??^A^M ?Om^O^G^T?\217^A^L?^Aұ?dIEND?B`\202

Actual result:
--------------
I get
/usr/local/apache2/bin/httpd -X
Trace/BPT/RangeErr/DivZero/Ovflow trap (core dumped)
when I run that script.


gdb /usr/local/apache2/bin/httpd core
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "mips-sgi-irix6.5"...
Core was generated by `httpd'.
Program terminated with signal 5, Trace/breakpoint trap.
Reading symbols from /usr/local/lib32/libssl.so.0.9.7...done.
Loaded symbols for /usr/local/lib32/libssl.so.0.9.7
Reading symbols from /usr/local/lib32/libcrypto.so.0.9.7...done.
Loaded symbols for /usr/local/lib32/libcrypto.so.0.9.7
Reading symbols from /usr/local/apache2/lib/libaprutil-0.so.1...done.
Loaded symbols for /usr/local/apache2/lib/libaprutil-0.so.1
Reading symbols from /usr/local/lib32/libexpat.so.1...done.
Loaded symbols for /usr/local/lib32/libexpat.so.1
Reading symbols from /usr/local/lib32/libiconv.so.3...done.
Loaded symbols for /usr/local/lib32/libiconv.so.3
Reading symbols from /usr/local/apache2/lib/libapr-0.so.1...done.
Loaded symbols for /usr/local/apache2/lib/libapr-0.so.1
Reading symbols from /usr/lib32/libm.so...done.
Loaded symbols for /usr/lib32/libm.so
Reading symbols from /usr/lib32/libsocket.so...done.
Loaded symbols for /usr/lib32/libsocket.so
Reading symbols from /usr/lib32/libnsl.so...done.
Loaded symbols for /usr/lib32/libnsl.so
Reading symbols from /usr/lib32/libpthread.so...done.
Loaded symbols for /usr/lib32/libpthread.so
Reading symbols from /usr/lib32/libmp.so...done.
Loaded symbols for /usr/lib32/libmp.so
Reading symbols from /usr/lib32/libc.so.1...done.
Loaded symbols for /usr/lib32/libc.so.1
Reading symbols from /usr/local/lib32/libz.so...done.
Loaded symbols for /usr/local/lib32/libz.so
[skip apache module]
Reading symbols from /usr/local/apache2/modules/libphp4.so...done.
Loaded symbols for /usr/local/apache2/modules/libphp4.so
Reading symbols from /usr/local/mysql/lib/mysql/libmysqlclient.so.13...done.
Loaded symbols for /usr/local/mysql/lib/mysql/libmysqlclient.so.13
Reading symbols from /usr/local/lib32/libttf.so.3...done.
Loaded symbols for /usr/local/lib32/libttf.so.3
Reading symbols from /usr/local/lib32/libpng.so.3...done.
Loaded symbols for /usr/local/lib32/libpng.so.3
Loaded symbols for /usr/local/lib32/libz.so
Reading symbols from /usr/local/lib32/libjpeg.so...done.
Loaded symbols for /usr/local/lib32/libjpeg.so
Loaded symbols for /usr/local/lib32/libz.so
Reading symbols from /usr/lib32/libcrypt.so...done.
Loaded symbols for /usr/lib32/libcrypt.so
Reading symbols from /usr/lib32/libgen.so...done.
Loaded symbols for /usr/lib32/libgen.so

(gdb) bt
#0  0x047a0b84 in ?? () from /usr/local/lib32/libz.so
#1  0x047ec9b0 in deflateInit2_ () at deflate.c:280
#2  0x047ec9b0 in deflateInit2_ () at deflate.c:280
....

 [2003-06-24 08:59 UTC] iliaa@php.net
Are you using the 'worker' (thread) based model? If that is the case, try removing '--with-ttf=/usr/local' from your configure line and see if you can still replicate the crash.
 [2003-06-24 09:22 UTC] joerg@php.net
No, it's using preforking. I am now creating a build with fewer extensions... only php gd+png, and will try again.
 [2003-06-29 21:18 UTC] sniper@php.net
And?

 [2003-07-04 02:10 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 
Last updated: Fri Dec 27 05:01:27 2024 UTC