Bug #66339 PHP segfaults in imagexbm
Submitted: 2013-12-23 06:14 UTC Modified: 2015-07-11 19:05 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: fernando at null-life dot com Assigned: cmb (profile)
Status: Closed Package: GD related
PHP Version: 5.5.7 OS: *
Private report: No CVE-ID: None
 [2013-12-23 06:14 UTC] fernando at null-life dot com
Description:
------------
I noticed a couple of wrongdoings (according to docs) in this imagexbm function:

- When passing null to the 2nd parameter (filename) PHP crashes.
- When passing a filename, the output stream is still sent to stdout.

http://www.php.net/manual/en/function.imagexbm.php

Test script:
---------------
<?php

$im = imagecreatetruecolor(20, 20);
imagexbm($im, null);

Expected result:
----------------
Show image on stdout since filename is null. 



Actual result:
--------------
(940.b24): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=ffffffff ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=6ba09262 esp=00a6e604 ebp=00a6e608 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210246
MSVCR110!strrchr+0x3d:
6ba09262 f30f6f0f        movdqu  xmm1,xmmword ptr [edi] ds:002b:00000000=????????????????????????????????
0:000> k
ChildEBP RetAddr  
00a6e608 695eed56 MSVCR110!strrchr+0x3d
00a6e630 695d2933 php_gd2!php_gd_gdImageXbmCtx+0x16 [c:\php-sdk\php55\vc11\x86\php-5.5.7\ext\gd\libgd\xbm.c @ 181]
00a6e678 695d7ba8 php_gd2!_php_image_output_ctx+0x283 [c:\php-sdk\php55\vc11\x86\php-5.5.7\ext\gd\gd_ctx.c @ 171]
00a6e694 67c49971 php_gd2!zif_imagexbm+0x18 [c:\php-sdk\php55\vc11\x86\php-5.5.7\ext\gd\gd.c @ 2696]
00a6e6fc 67c49075 php5!zend_do_fcall_common_helper_SPEC+0x1b1 [c:\php-sdk\php55\vc11\x86\php-5.5.7\zend\zend_vm_execute.h @ 550]
00a6e738 67c6052b php5!execute_ex+0x295 [c:\php-sdk\php55\vc11\x86\php-5.5.7\zend\zend_vm_execute.h @ 363]
00a6e75c 67c60ede php5!zend_execute+0x14b [c:\php-sdk\php55\vc11\x86\php-5.5.7\zend\zend_vm_execute.h @ 388]
00a6e790 67c61c7c php5!zend_execute_scripts+0xde [c:\php-sdk\php55\vc11\x86\php-5.5.7\zend\zend.c @ 1320]
00a6ea20 7749a1e0 php5!php_execute_script+0x14c [c:\php-sdk\php55\vc11\x86\php-5.5.7\main\main.c @ 2489]
00a6ea34 7749aa22 KERNELBASE!BasepInitializeFindFileHandle+0x59
00a6ed20 00a6ee1c KERNELBASE!FindFirstFileExW+0x532
WARNING: Frame IP not in any known module. Following frames may be wrong.
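
The trace above faults inside strrchr() reading from a NULL pointer (edi=00000000), called from php_gd_gdImageXbmCtx. The following C sketch is an added example, not php-src code and not the committed fix: it shows a NULL-tolerant way to turn an optional filename into the name prefix an XBM file embeds. The helper xbm_symbol_name, its signature and the "image" fallback are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Hypothetical helper, not libgd API: derive the name prefix an XBM file
 * embeds from an optional filename. NULL means "no filename given". */
int xbm_symbol_name(const char *file_name, char *out, size_t out_len)
{
    const char *base, *sep;
    size_t len, i;

    if (out == NULL || out_len == 0)
        return -1;
    /* Guard first: strrchr() on a NULL pointer is the fault in the trace. */
    base = (file_name != NULL) ? file_name : "";
    /* Strip directory components for both separator styles. */
    if ((sep = strrchr(base, '/')) != NULL)
        base = sep + 1;
    if ((sep = strrchr(base, '\\')) != NULL)
        base = sep + 1;
    /* Drop a trailing ".xbm" extension, case-insensitively. */
    len = strlen(base);
    if (len >= 4 && strcasecmp(base + len - 4, ".xbm") == 0)
        len -= 4;
    /* Fall back to a fixed name when nothing usable remains. */
    if (len == 0) {
        base = "image";
        len = 5;
    }
    if (len >= out_len)
        len = out_len - 1;   /* truncate rather than overflow out */
    /* Replace bytes that are not ASCII letters or digits with '_'. */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)base[i];
        out[i] = (c < 128 && isalnum(c)) ? (char)c : '_';
    }
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char name[32];
    /* Constructed inputs: a missing filename and a Windows-style path. */
    xbm_symbol_name(NULL, name, sizeof name);
    printf("NULL -> %s\n", name);
    xbm_symbol_name("C:\\tmp\\my logo.XBM", name, sizeof name);
    printf("path -> %s\n", name);
    return 0;
}
```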

 [2013-12-29 09:53 UTC] krakjoe@php.net
-Assigned To: +Assigned To: helly
 [2013-12-29 09:54 UTC] krakjoe@php.net
Assigned to the person who wrote the source, hopefully they'll have some insight ...
 [2015-07-11 18:16 UTC] cmb@php.net
-Assigned To: helly +Assigned To: cmb
 [2015-07-11 18:16 UTC] cmb@php.net
The problem is in _php_image_output_ctx()[1], where the different
ZPP for XBM images is not fully taken into account.

[1] <https://github.com/php/php-src/blob/PHP-5.6.11/ext/gd/gd_ctx.c#L77>
 [2015-07-11 19:03 UTC] cmb@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c40f40656e49cf7006dfa7e8f0db5b3d0d286045
Log: Fix #66339: PHP segfaults in imagexbm
 [2015-07-11 19:03 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2015-07-11 19:04 UTC] cmb@php.net
The fix for this bug has been committed.

Thank you for the report, and for helping us make PHP better.
 [2015-07-11 19:05 UTC] cmb@php.net
-Operating System: Windows +Operating System: *
 [2015-07-21 14:21 UTC] ab@php.net
Automatic comment on behalf of cmb
Revision: http://git.php.net/?p=php-src.git;a=commit;h=c40f40656e49cf7006dfa7e8f0db5b3d0d286045
Log: Fix #66339: PHP segfaults in imagexbm
 