PHP :: Bug #49193 :: gd_compat > gdJpegGetVersionString should return const char* not int

Bug #49193	gd_compat > gdJpegGetVersionString should return const char* not int
Submitted:	2009-08-07 17:14 UTC	Modified:	2009-08-09 13:16 UTC
From:	th at drillich dot com	Assigned:
Status:	Closed	Package:	GD related
PHP Version:	5.3.0	OS:	All 64Bit systems
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	th at drillich dot com
New email:
PHP Version:		OS:

New Comment:

[2009-08-07 17:14 UTC] th at drillich dot com

Description:
------------
In gd_compat.[hc]

gdJpegGetVersionString() is declared as returning int not const
char*, but sizeof(int) != sizeof(const char*) on some systems like
here sizeof(int) == 4 and sizeof(const char*) == 8.

this causes a segfault on phpinfo().
cu thomas

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f996e9c3740 (LWP 17235)]
strlen () at ../sysdeps/x86_64/strlen.S:48
48      ../sysdeps/x86_64/strlen.S: No such file or directory.
        in ../sysdeps/x86_64/strlen.S
Current language:  auto; currently asm
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:48
#1  0x00007f9969a207c8 in format_converter (odp=0x7fff76a001f0,
fmt=0x7f9964f364d0 "s", ap=0x7fff76a00150) at
src/php5/php5-5.3.0/main/snprintf.c:964
#2  0x00007f9969a213ac in strx_printv (ccp=0x7fff76a0020c,
buf=0x7f996e9c36f0 "(X\206n\231\177", len=1990197800,
format=0x7f9964f364cf "%s", ap=0x0)
    at src/php5/php5-5.3.0/main/snprintf.c:1211
#3  0x00007f9969a21554 in ap_php_snprintf (buf=0x7fff76a002db "",
len=1855731440, format=0x0) at
src/php5/php5-5.3.0/main/snprintf.c:1256
#4  0x00007f9964f32b44 in zm_info_gd (zend_module=0x13c2bb0) at
src/php5/php5-5.3.0/ext/gd/gd.c:1296
#5  0x00007f99699c06e0 in _display_module_info_func
(module=0x64f37878) at src/php5/php5-5.3.0/ext/standard/info.c:123
#6  0x00007f9969a7c6d5 in zend_hash_apply (ht=0x7fff76a00520,
apply_func=0x7f99699c06d0 <_display_module_info_func>)
    at src/php5/php5-5.3.0/Zend/zend_hash.c:673
#7  0x00007f99699c1a5a in php_print_info (flag=32767) at
src/php5/php5-5.3.0/ext/standard/info.c:903
#8  0x00007f99699c1e61 in zif_phpinfo (ht=1693677688,
return_value=0x130f858, return_value_ptr=0x7fff76a00228,
this_ptr=0x0, return_value_used=-16843009)
    at src/php5/php5-5.3.0/ext/standard/info.c:1217
#9  0x00007f9969ac1e5b in zend_do_fcall_common_helper_SPEC
(execute_data=0x7f996a17c580) at
src/php5/php5-5.3.0/Zend/zend_vm_execute.h:313
#10 0x00007f9969a9b299 in execute (op_array=0x130eea8) at
src/php5/php5-5.3.0/Zend/zend_vm_execute.h:104
#11 0x00007f9969a700c1 in zend_execute_scripts (type=0,
retval=0x7fff76a00770, file_count=3) at
src/php5/php5-5.3.0/Zend/zend.c:1188
#12 0x00007f9969a1c805 in php_execute_script (primary_file=Cannot
access memory at address 0x8000769ff690
) at src/php5/php5-5.3.0/main/main.c:2196
#13 0x00007f9969afa775 in php_handler (r=0x43c055) at
src/php5/php5-5.3.0/sapi/apache2handler/sapi_apache2.c:663
#14 0x000000000043b8d3 in ap_run_handler ()
#15 0x000000000043ee9f in ap_invoke_handler ()
#16 0x000000000044c11e in ap_process_request ()
#17 0x0000000000449158 in ?? ()
#18 0x0000000000442dd3 in ap_run_process_connection ()
#19 0x0000000000450720 in ?? ()
#20 0x0000000000450a38 in ?? ()
#21 0x0000000000451050 in ap_mpm_run ()
#22 0x0000000000428425 in main ()
(gdb)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-08-08 16:49 UTC] th at drillich dot com

Here's the patch which fixes the bug:

---
php5-5.3.0/ext/gd/libgd/gd_compat.hgdJpegGetVersionString_returnsInt
2009-08-07 19:09:40.000000000 +0200
+++ php5-5.3.0/ext/gd/libgd/gd_compat.h	2009-08-07 19:09:54.000000000
+0200
@@ -8,7 +8,7 @@
 #endif
 
 const char * gdPngGetVersionString();
-int gdJpegGetVersionString();
+const char * gdJpegGetVersionString();
 int gdJpegGetVersionInt();
 int overflow2(int a, int b);
 
---
php5-5.3.0/ext/gd/libgd/gd_compat.c.gdJpegGetVersionString_returnsInt
2009-08-07 19:09:07.000000000 +0200
+++ php5-5.3.0/ext/gd/libgd/gd_compat.c	2009-08-07 19:10:11.000000000
+0200
@@ -14,7 +14,7 @@
 	return JPEG_LIB_VERSION;
 }
 
-int gdJpegGetVersionString()
+const char * gdJpegGetVersionString()
 {
 	switch(JPEG_LIB_VERSION) {
 		case 62:

[2009-08-09 13:15 UTC] svn@php.net

Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=286948
Log: Fixed bug #49193 (gdJpegGetVersionString() inside gd_compact identifies wrong type in declaration)

[2009-08-09 13:16 UTC] svn@php.net

Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=286949
Log: MFB: Fixed bug #49193 (gdJpegGetVersionString() inside gd_compact identifies wrong type in declaration)

[2009-08-09 13:16 UTC] iliaa@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 14:01:29 2024 UTC