Bug #69177 imagefilltoborder segfault
Submitted: 2015-03-03 19:13 UTC
Modified: 2016-06-07 10:32 UTC
From: polyanin at gmail dot com
Assigned: cmb
Status: Closed
Package: GD related
PHP Version: 5.6.6
OS: debian 8
Private report: No
CVE-ID: None
 [2015-03-03 19:13 UTC] polyanin at gmail dot com
Description:
------------
kernel: [733793.955529] php5-fpm[7936]: segfault at 7fff43558ff8 ip 00007fd254b9f389 sp 00007fff43559000 error 6 in libgd.so.3.0.0[7fd254b8f000+43000]

Test script:
---------------
<?php
// create a 200*200 image
$img = imagecreatetruecolor(200, 200);
// allocate some colors
$red   = imagecolorallocate($img, 255,   0,   0);
imagefilltoborder($img, 200, 200, $red, $red);
// output image in the browser
header("Content-type: image/png");
imagepng($img);
// free memory
imagedestroy($img);

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff33b9382 in gdImageSetPixel () from /usr/lib/x86_64-linux-gnu/libgd.so.3
(gdb) bt
#0  0x00007ffff33b9382 in gdImageSetPixel () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#1  0x00007ffff33baed3 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#2  0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#3  0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#4  0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#5  0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#6  0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#7  0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#8  0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#9  0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#10 0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#11 0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#12 0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#13 0x00007ffff33bb086 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3
#14 0x00007ffff33bb064 in gdImageFillToBorder () from /usr/lib/x86_64-linux-gnu/libgd.so.3


 [2015-07-12 17:35 UTC] cmb@php.net
-Status: Open +Status: Feedback
 [2015-07-12 17:35 UTC] cmb@php.net
I can't reproduce the segfault with the official Windows build of
PHP 5.6.6. Which libgd version do you use (see gd_info)?
 [2015-07-12 18:12 UTC] polyanin at gmail dot com
I do not use Windows, try it in Linux (I use Debian 8.1)

PHP 5.6.9-0+deb8u1

php -r 'print_r(gd_info());'
Array
(
    [GD Version] => 2.1.1-dev
    [FreeType Support] => 1
    [FreeType Linkage] => with freetype
    [T1Lib Support] =>
    [GIF Read Support] => 1
    [GIF Create Support] => 1
    [JPEG Support] => 1
    [PNG Support] => 1
    [WBMP Support] => 1
    [XPM Support] => 1
    [XBM Support] => 1
    [JIS-mapped Japanese Font Support] =>
)

Package: php5-gd
Version: 5.6.7+dfsg-1
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Architecture: amd64
 [2015-07-12 20:01 UTC] cmb@php.net
-Status: Feedback +Status: Open
 [2015-07-12 22:08 UTC] cmb@php.net
I can reproduce the issue on Debian 8.1 with php5/php5-gd
5.6.9+dfsg-0+deb8u1 and libgd 2.1.1-dev. However, 5.6GIT with the
bundled libgd doesn't segfault. I guess there's an issue with the
libgd 2.1.1-dev version. FWIW, libgd 2.1.1 (GA) was released
half a year ago.
 [2016-06-07 10:32 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2016-06-07 10:32 UTC] cmb@php.net
As the bundled GD doesn't have this issue, I'm closing this
ticket. It's likely to be a duplicate of bug #66387 anyway.
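
Added example (not part of the original report, and not PHP or libgd code): a small triage helper that parses the kernel segfault line quoted in the description and checks whether the fault looks like stack exhaustion. The field names, the 4 KiB threshold and the second sample line are assumptions made for this illustration.

```python
import re

# Kernel segfault line format as it appears in the report (x86-64 Linux).
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)
# Assumption: "just below sp" means within one 4 KiB page under the stack pointer.
STACK_SLACK = 4096

def triage(line):
    """Parse one kernel segfault line and flag probable stack exhaustion."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip, sp = (int(m[k], 16) for k in ("addr", "ip", "sp"))
    err = int(m["err"])
    # x86 page-fault error code: bit 0 = protection fault (clear = page not
    # present), bit 1 = write access, bit 2 = raised in user mode.
    info = {
        "process": m["comm"],
        "not_present": not (err & 1),
        "write": bool(err & 2),
        "user_mode": bool(err & 4),
        "below_sp": sp - addr,
        "object": m["obj"],
        "ip_offset": None,
    }
    if m["base"] is not None:
        base, size = int(m["base"], 16), int(m["size"], 16)
        if base <= ip < base + size:
            info["ip_offset"] = ip - base  # offset into the mapped object
    # Heuristic: a write to an unmapped page right under sp (what a push or call does).
    info["probable_stack_exhaustion"] = (
        info["write"] and info["not_present"] and 0 <= info["below_sp"] <= STACK_SLACK
    )
    return info

# The kernel line quoted in the report.
REPORT_LINE = ("kernel: [733793.955529] php5-fpm[7936]: segfault at 7fff43558ff8 "
               "ip 00007fd254b9f389 sp 00007fff43559000 error 6 in "
               "libgd.so.3.0.0[7fd254b8f000+43000]")
# Constructed contrast case: a NULL-pointer read, not a stack problem.
NULL_LINE = ("kernel: [100.000000] demo[42]: segfault at 0 ip 0000000000401136 "
             "sp 00007ffc12345000 error 4 in demo[401000+1000]")

if __name__ == "__main__":
    print(triage(REPORT_LINE), triage(NULL_LINE), sep="\n")
```

For the reported line the faulting write lands 8 bytes below the stack pointer, which fits the repeated gdImageFillToBorder frames in the backtrace; the heuristic narrows triage but does not identify the root cause.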
 
Last updated: Thu Nov 21 15:01:30 2024 UTC