php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #37992 several invalid writes in ext/gd/tests/bug24594.phpt reported by valgrind
Submitted: 2006-07-02 21:52 UTC Modified: 2006-10-16 15:06 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: tony2001@php.net Assigned: pajoye (profile)
Status: Closed Package: GD related
PHP Version: 5CVS-2006-07-02 (CVS) OS: Linux 32bit
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tony2001@php.net
New email:
PHP Version: OS:

 

 [2006-07-02 21:52 UTC] tony2001@php.net 
Description:
------------
See http://gcov.php.net/PHP_5_2/tests/ext/gd/tests/bug24594.mem

==12492== Invalid read of size 4
==12492==    at 0x81F4BF0: php_gd__gdImageFillTiled (gd.c:2001)
==12492==    by 0x81F3FC8: php_gd_gdImageFill (gd.c:1892)
==12492==    by 0x81E5E39: zif_imagefill (gd.c:3376)
==12492==    by 0x8710D47: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==12492==    by 0x8715D49: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1642)
==12492==    by 0x8710736: execute (zend_vm_execute.h:92)
==12492==    by 0x86DCF66: zend_execute_scripts (zend.c:1110)
==12492==    by 0x8665D89: php_execute_script (main.c:1748)
==12492==    by 0x879B23C: main (php_cli.c:1097)
==12492==  Address 0x4FD298C is 0 bytes after a block of size 612 alloc'd
==12492==    at 0x401B65A: malloc (vg_replace_malloc.c:149)
==12492==    by 0x86B0BC9: _emalloc (zend_alloc.c:182)
==12492==    by 0x86B11E3: _ecalloc (zend_alloc.c:320)
==12492==    by 0x81F478A: php_gd__gdImageFillTiled (gd.c:1967)
==12492==    by 0x81F3FC8: php_gd_gdImageFill (gd.c:1892)
==12492==    by 0x81E5E39: zif_imagefill (gd.c:3376)
==12492==    by 0x8710D47: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==12492==    by 0x8715D49: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1642)
==12492==    by 0x8710736: execute (zend_vm_execute.h:92)
==12492==    by 0x86DCF66: zend_execute_scripts (zend.c:1110)
==12492==    by 0x8665D89: php_execute_script (main.c:1748)
==12492==    by 0x879B23C: main (php_cli.c:1097)
==12492== 
==12492== Invalid read of size 4
==12492==    at 0x81F4C5D: php_gd__gdImageFillTiled (gd.c:2002)
==12492==    by 0x81F3FC8: php_gd_gdImageFill (gd.c:1892)
==12492==    by 0x81E5E39: zif_imagefill (gd.c:3376)
==12492==    by 0x8710D47: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==12492==    by 0x8715D49: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1642)
==12492==    by 0x8710736: execute (zend_vm_execute.h:92)
==12492==    by 0x86DCF66: zend_execute_scripts (zend.c:1110)
==12492==    by 0x8665D89: php_execute_script (main.c:1748)
==12492==    by 0x879B23C: main (php_cli.c:1097)
==12492==  Address 0x4FD298C is 0 bytes after a block of size 612 alloc'd
==12492==    at 0x401B65A: malloc (vg_replace_malloc.c:149)
==12492==    by 0x86B0BC9: _emalloc (zend_alloc.c:182)
==12492==    by 0x86B11E3: _ecalloc (zend_alloc.c:320)
==12492==    by 0x81F478A: php_gd__gdImageFillTiled (gd.c:1967)
==12492==    by 0x81F3FC8: php_gd_gdImageFill (gd.c:1892)
==12492==    by 0x81E5E39: zif_imagefill (gd.c:3376)
==12492==    by 0x8710D47: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==12492==    by 0x8715D49: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1642)
==12492==    by 0x8710736: execute (zend_vm_execute.h:92)
==12492==    by 0x86DCF66: zend_execute_scripts (zend.c:1110)
==12492==    by 0x8665D89: php_execute_script (main.c:1748)
==12492==    by 0x879B23C: main (php_cli.c:1097)
==12492== 
==12492== Invalid write of size 4
==12492==    at 0x81F4CD9: php_gd__gdImageFillTiled (gd.c:2007)
==12492==    by 0x81F3FC8: php_gd_gdImageFill (gd.c:1892)
==12492==    by 0x81E5E39: zif_imagefill (gd.c:3376)
==12492==    by 0x8710D47: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==12492==    by 0x8715D49: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1642)
==12492==    by 0x8710736: execute (zend_vm_execute.h:92)
==12492==    by 0x86DCF66: zend_execute_scripts (zend.c:1110)
==12492==    by 0x8665D89: php_execute_script (main.c:1748)
==12492==    by 0x879B23C: main (php_cli.c:1097)
==12492==  Address 0x4FD298C is 0 bytes after a block of size 612 alloc'd
==12492==    at 0x401B65A: malloc (vg_replace_malloc.c:149)
==12492==    by 0x86B0BC9: _emalloc (zend_alloc.c:182)
==12492==    by 0x86B11E3: _ecalloc (zend_alloc.c:320)
==12492==    by 0x81F478A: php_gd__gdImageFillTiled (gd.c:1967)
==12492==    by 0x81F3FC8: php_gd_gdImageFill (gd.c:1892)
==12492==    by 0x81E5E39: zif_imagefill (gd.c:3376)
==12492==    by 0x8710D47: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==12492==    by 0x8715D49: ZEND_DO_FCALL_SPEC_CONST_HANDLER (zend_vm_execute.h:1642)
==12492==    by 0x8710736: execute (zend_vm_execute.h:92)
==12492==    by 0x86DCF66: zend_execute_scripts (zend.c:1110)
==12492==    by 0x8665D89: php_execute_script (main.c:1748)
==12492==    by 0x879B23C: main (php_cli.c:1097)

Reproduce code:
---------------
http://gcov.php.net/PHP_5_2/tests/ext/gd/tests/bug24594.phpt.phps

Expected result:
----------------
.

Actual result:
--------------
.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-10-16 15:06 UTC] iliaa@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Feb 05 19:01:31 2025 UTC