Bug #58211 Segfault under 64bit OS
Submitted: 2008-06-03 02:40 UTC Modified: 2016-07-25 15:57 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: alan at fromorbit dot com Assigned: cmb (profile)
Status: Closed Package: ps (PECL)
PHP Version: Irrelevant OS: FreeBSD 7.0p1 64bit
Private report: No CVE-ID: None
 [2008-06-03 02:40 UTC] alan at fromorbit dot com
Description:
------------
Hi all,

I found a bug in this extension. It will cause php to crash with a segfault. I've tracked it down to the imageid in ps_place_image(). zend_parse_parameters() was loading a long into an int. I've made a patch to fix this.

--- ps.c.orig   2007-11-27 20:40:14.000000000 +1100
+++ ps.c        2008-06-03 02:07:28.000000000 +1000
@@ -1302,7 +1302,7 @@
        zval *zps;
        char *type, *filename, *image, *stringparam = NULL;
        int type_len, filename_len, stringparam_len;
-       int imageid, intparam = 0;
+       long imageid;
+       intparam = 0;
        PSDoc *ps;

        if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rss|sl", &zps, &type, &type_len, &filename, &filename_len, &stringparam, &stringparam_len, &intparam)) {
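Review bot: the replacement for `int imageid, intparam = 0;` leaves `intparam = 0;` with no type, so this declaration block no longer compiles. `&intparam` is the receiver for the `l` in `"rss|sl"` on the `zend_parse_parameters` line below it, so it is the variable that has to be widened in this function: make the line `long intparam = 0;`.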
@@ -1333,7 +1333,7 @@
 {
        zval **arg1, **arg2;
        int i, j, color, count;
-       int imageid;
+       long imageid;
        gdImagePtr im;
        unsigned char *buffer, *ptr;
        PSDoc *ps;
@@ -1399,7 +1399,7 @@
 PHP_FUNCTION(ps_close_image)
 {
        zval *zps;
-       int imageid;
+       long imageid;
        PSDoc *ps;

        if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rl", &zps, &imageid)) {
@@ -1408,7 +1408,7 @@

        PSDOC_FROM_ZVAL(ps, &zps);

-       PS_close_image(ps, imageid);
+       PS_close_image(ps, (int) imageid);
 }
 /* }}} */

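Review bot: `(int) imageid` in the `PS_close_image` call narrows silently, so on a 64-bit build an id outside the `int` range is truncated and a different id reaches the library. Compare against `INT_MIN`/`INT_MAX` and fail the call before converting; the same applies to the casts added for `PS_place_image` and `PS_add_thumbnail`.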
@@ -1417,7 +1417,7 @@
 PHP_FUNCTION(ps_place_image)
 {
        zval *zps;
-       int imageid;
+       long imageid;
        double x, y, scale;
        PSDoc *ps;

@@ -1427,7 +1427,7 @@

        PSDOC_FROM_ZVAL(ps, &zps);

-       PS_place_image(ps, imageid, (float) x, (float) y, (float) scale);
+       PS_place_image(ps, (int) imageid, (float) x, (float) y, (float) scale);

        RETURN_TRUE;
 }
@@ -1778,7 +1778,7 @@
        zval **arg1, **arg2, **arg3, **arg4, **arg5, **arg6, **arg7;
        PSDoc *ps;
        char *image;
-       int imageid;
+       long imageid;

        if (ZEND_NUM_ARGS() != 7 || zend_get_parameters_ex(7, &arg1, &arg2, &arg3, &arg4, &arg5, &arg6, &arg7) == FAILURE) {
                WRONG_PARAM_COUNT;
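Review bot: this function reads its arguments with `zend_get_parameters_ex(7, ...)` into `zval **` slots, so in the lines shown `imageid` is never handed to an `l` specifier and its `int` declaration is not the out-of-bounds store the report describes. If the widening is kept for consistency, the assignment to `imageid` and the library call that consumes it (neither is in this hunk) need the same explicit conversion as the other call sites.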
@@ -1819,7 +1819,7 @@
        char *type, *params, *source, *data;
        int type_len, params_len, source_len, data_len;
        int length, width, height, components, bpc;
-       int imageid;
+       long imageid;
        char *image;
        PSDoc *ps;

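Review bot: `int length, width, height, components, bpc;` directly above the changed line stays `int`. The argument-parsing call for this function is outside the hunk; if any of those five are receivers for `l` specifiers they have the same defect as `imageid` and should be widened to `long` here as well.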
@@ -2039,7 +2039,7 @@
  * Add an existing image as thumbnail for the current page. */
 PHP_FUNCTION(ps_add_thumbnail) {
        zval *zps;
-       int imageid;
+       long imageid;
        PSDoc *ps;

        if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rl", &zps, &imageid)) {
@@ -2048,7 +2048,7 @@

        PSDOC_FROM_ZVAL(ps, &zps);

-       PS_add_thumbnail(ps, imageid);
+       PS_add_thumbnail(ps, (int) imageid);

        RETURN_TRUE;
 } /* }}} */
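The defect described in this report, as an added C example (not code from ps.c or from either patch): an `l`-style receiver stores a full `long`, so an `int` receiver on an LP64 system gets its neighbour overwritten, and the `(int)` casts at the call sites are shown with a range check instead. `struct locals`, `store_long` and `long_to_int_checked` are hypothetical names constructed for the demonstration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for two adjacent locals; a struct pins the layout. */
struct locals {
    int imageid;   /* receiver declared as int, as in the unpatched code */
    int neighbor;  /* whatever happens to sit next to it */
};
_Static_assert(sizeof(long) <= sizeof(struct locals), "demo needs room for one long");

/* Hypothetical stand-in for an "l" receiver: stores a full long at dst. */
static void store_long(void *dst, long value)
{
    memcpy(dst, &value, sizeof value);
}

/* Returns 1 when storing a long at the address of imageid changes neighbor. */
int long_store_clobbers_neighbor(void)
{
    struct locals l = { 0, 0x5AFE };
    store_long(&l, -1L);   /* &l is also the address of l.imageid */
    return l.neighbor != 0x5AFE;
}

/* Range-checked narrowing for call sites that take an int id.
 * Returns 0 and sets *out on success, -1 if v does not fit in int. */
int long_to_int_checked(long v, int *out)
{
    if (v < INT_MIN || v > INT_MAX)
        return -1;
    *out = (int) v;
    return 0;
}

int main(void)
{
    int id = 0;
    int rc = long_to_int_checked(7L, &id);
    printf("sizeof(int)=%zu sizeof(long)=%zu\n", sizeof(int), sizeof(long));
    printf("neighbor clobbered: %d\n", long_store_clobbers_neighbor());
    printf("narrow 7: rc=%d id=%d\n", rc, id);
    printf("narrow LONG_MAX: rc=%d\n", long_to_int_checked(LONG_MAX, &id));
    return 0;
}
```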





Patches

php-ps-64bit.patch (last revision 2012-07-13 06:51 UTC by ttkaminski at gmail dot com)

History

 [2012-07-13 06:50 UTC] ttkaminski at gmail dot com
Your patch is only a partial fix.  I was having trouble with the ps_setfont() 
function.  I ended up going through the entire ps.c code and identifying all 
arguments that should be parsed as long.  Patch against 1.3.6 included.
 [2012-11-29 20:16 UTC] clint at ubuntu dot com
This was also found on Ubuntu, in the latest dev release and Ubuntu 12.10.

https://bugs.launchpad.net/ubuntu/+source/php-ps/+bug/1024207
 [2016-07-25 15:57 UTC] cmb@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: cmb
 [2016-07-25 15:57 UTC] cmb@php.net
This is supposed to have been fixed as of ps-1.3.7.
 