Bug #56431 imagick crash on some image filenames
Submitted: 2005-06-27 02:40 UTC
Modified: 2005-10-23 10:31 UTC
From: cstdenis at fanart-central dot net
Assigned:
Status: Not a bug
Package: imagick (PECL)
PHP Version: 5.0.3
OS: FreeBSD 5.4
Private report: No
CVE-ID: None
 [2005-06-27 02:40 UTC] cstdenis at fanart-central dot net
Description:
------------
If the path passed to imagick_readimage is not valid it causes a crash (pid 94741 (httpd), uid 80: exited on signal 10)

Also, if the path contains a URLencoded space (%20) the same crash also results. 

Reproduce code:
---------------
//crash, invalid URL
imagick_readimage("5");

//works
imagick_readimage("http://images.fanart-central.net/c/cstdenis/236541.jpg");

//crash, valid url, but contains URLencoded space.
imagick_readimage("http://images.fanart-central.net/c/cstdenis/236%20541.jpg");

Expected result:
----------------
invalid URL should give error, urlencoded spaces should work.

Actual result:
--------------
both cause crash.

 [2005-07-01 18:00 UTC] cstdenis at fanart-central dot net
Here is a backtrace

new-sakura# gdb ./sapi/cli/php php.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `php'.
Program terminated with signal 10, Bus error.
#0  _efree (ptr=0x0) at /usr/home/cstdenis/temp/php-5.0.4/Zend/zend_alloc.c:263
263             CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(gdb) bt
#0  _efree (ptr=0x0) at /usr/home/cstdenis/temp/php-5.0.4/Zend/zend_alloc.c:263
#1  0x08085c05 in zm_deactivate_imagick (type=1, module_number=11) at /usr/home/cstdenis/temp/php-5.0.4/ext/imagick/imagick.c:666
#2  0x08175bb9 in module_registry_cleanup (module=0x81f6ca4) at /usr/home/cstdenis/temp/php-5.0.4/Zend/zend_API.c:1535
#3  0x08178584 in zend_hash_apply (ht=0x81f9d20, apply_func=0x8175b98 <module_registry_cleanup>) at /usr/home/cstdenis/temp/php-5.0.4/Zend/zend_hash.c:664
#4  0x08171e32 in zend_deactivate_modules () at /usr/home/cstdenis/temp/php-5.0.4/Zend/zend.c:802
#5  0x0814168d in php_request_shutdown (dummy=0x0) at /usr/home/cstdenis/temp/php-5.0.4/main/main.c:1201
#6  0x081a5cf8 in main (argc=2, argv=0xbfbfec74) at /usr/home/cstdenis/temp/php-5.0.4/sapi/cli/php_cli.c:1049
(gdb)
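
Added example (not part of the original report, and not code from PHP or the imagick extension): the backtrace above ends in `_efree (ptr=0x0)` reading `p->size` during request shutdown, which is what a header-prefixed allocator does when handed NULL. The sketch below models that allocator and a shutdown routine that tolerates a pointer that was never set; every name in it (`model_alloc`, `request_state`, `buf`) is hypothetical, and the assumption that the buffer is left NULL after a failed read is ours.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of an allocator that keeps a header in front of each
 * block. It is NOT Zend's allocator; it only shows the same access pattern. */
typedef struct { size_t size; } block_hdr;

static size_t live_bytes = 0;              /* bytes currently outstanding */

static void *model_alloc(size_t n) {
    block_hdr *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->size = n;
    live_bytes += n;
    return h + 1;                          /* caller sees memory after header */
}

/* Freeing means stepping back to the header and reading its size field.
 * With ptr == NULL that read hits an invalid address, so reject it first.
 * Returns 1 if a block was released, 0 if there was nothing to free. */
static int model_free_checked(void *ptr) {
    if (ptr == NULL) return 0;
    block_hdr *h = (block_hdr *)ptr - 1;
    live_bytes -= h->size;
    free(h);
    return 1;
}

/* Hypothetical per-request state; buf stays NULL if the read never succeeded. */
struct request_state { char *buf; };

/* Shutdown handler: free only what exists, then clear the pointer so a
 * repeated shutdown pass cannot free the same block twice. */
static int request_shutdown(struct request_state *st) {
    int released = model_free_checked(st->buf);
    st->buf = NULL;
    return released;
}

/* Runs one request and shuts it down twice; returns first*10 + second. */
static int run_request(int read_succeeded) {
    struct request_state st = { NULL };
    if (read_succeeded) st.buf = model_alloc(32);
    int first = request_shutdown(&st);
    int second = request_shutdown(&st);
    return first * 10 + second;
}

int main(void) {
    printf("failed read: %d, good read: %d, leaked: %lu\n", run_request(0),
           run_request(1), (unsigned long)live_bytes);
    return 0;
}
```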
 [2005-08-29 21:21 UTC] cstdenis at fanart-central dot net
Additional debug info from the apache log.

Is this project being actively maintained?

[Mon Aug 29 15:27:13 2005] [notice] child pid 78941 exit signal Segmentation fault (11)
Assertion failed: (image != (Image *) NULL), function CompositeImage, file magick/composite.c, line 996.
[Mon Aug 29 15:29:24 2005] [notice] child pid 79028 exit signal Abort trap (6)
Assertion failed: (image != (Image *) NULL), function CompositeImage, file magick/composite.c, line 996.
[Mon Aug 29 15:29:25 2005] [notice] child pid 78758 exit signal Abort trap (6)
[Mon Aug 29 16:01:38 2005] [notice] child pid 82704 exit signal Segmentation fault (11)
[Mon Aug 29 16:22:24 2005] [notice] child pid 88494 exit signal Segmentation fault (11)
Assertion failed: (image != (Image *) NULL), function CompositeImage, file magick/composite.c, line 996.
Assertion failed: (image != (Image *) NULL), function CompositeImage, file magick/composite.c, line 996.
[Mon Aug 29 16:39:53 2005] [notice] child pid 89068 exit signal Abort trap (6)
[Mon Aug 29 16:39:53 2005] [notice] child pid 89067 exit signal Abort trap (6)
 [2005-10-23 10:31 UTC] mike@php.net
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. Because of this, we hope you add your comments
to the existing bug instead.

Thank you for your interest in PECL.

Duplicate of bug #4661
 
Last updated: Fri Dec 27 09:01:29 2024 UTC