php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #12894 GD crashes PHP by using GD Format
Submitted: 2001-08-22 09:20 UTC Modified: 2001-10-03 20:40 UTC
From: alberty at neptunlabs dot de Assigned:
Status: Not a bug Package: GD related
PHP Version: 4.0.7-dev (latest CVS) OS: i686-pc-linux-gnu
Private report: No CVE-ID: None
View Developer Edit
 [2001-08-22 09:20 UTC] alberty at neptunlabs dot de 
Hi,

the follow 2 different scripts using ImageCreateFromGD & ImageGD2
and crashes PHP.

(using gd2.0.1 and 4.0.6)

<?php
$im_main=ImageCreateFromPNG("./images/some_picture.png");

ImageGD2($im_main,"./images/some_picture.gd2");

ImageDestroy($im_main);
?>

// the gd image is created with pngtogd from the gd lib package.

<?php
	$im_main=ImageCreateFromGD("./images/some_picture.gd");
	ImagePNG($im_main,"./images/some_picture.png");
	ImageDestroy($im_main);
?>

Regards,

-- 
Steve

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-08-22 10:57 UTC] sniper@php.net 
I doubt that you could crash PHP by using functions
that don't exist..

Both imageGD2 and ImageCreateFromGD where added
AFTER PHP 4.0.6 was released. So they are only
available in the CVS.

And with the latest CVS version, both of your
scripts work just fine.

--Jani
 [2001-08-22 12:13 UTC] alberty at neptunlabs dot de 
Sorry, my submitted PHP Version was wrong. I mean 4.0.7-dev from the latest CVS.

The script crash under cvs version.

Regards,

Steve
 [2001-08-22 13:04 UTC] sniper@php.net 
I can't get your scripts to crash.
Could you please generate a GDB backtrace of the crash?

--Jani
 [2001-08-27 08:50 UTC] alberty at neptunlabs dot de 
Hi Jani,

here is the backtrace of the second script:

Program received signal SIGSEGV, Segmentation fault.
0x40411786 in gd_module_entry () from /usr/local/apache/current/libexec/libphp4.so
(gdb) bt
#0  0x40411786 in gd_module_entry () from /usr/local/apache/current/libexec/libphp4.so
(gdb) 

the script fails only if you call ImagePNG after the ImageCreateFromGD.

Also ImageGD2 creates corrupted files, but this is another bug ...


Regards,

-- 
Steve
 [2001-08-30 22:36 UTC] sniper@php.net 
I can not reproduce this. Does this happen with that
example script included in this report?
Does this crash happen with specific images? Where could
I get those images? What was the configure line like
for configuring PHP ?

--Jani
 [2001-10-02 19:05 UTC] sniper@php.net 
No feedback and not enought information. If problem still
exists with latest CVS / GD reopen with required information.
 [2001-10-03 08:04 UTC] alberty at neptunlabs dot de 
oops, i have post a message to this problem in php.dev under: "GD seg fault on save"

however, here is another code example to reproduce
the problem:

<?php
$im_main=ImageCreateFromGD('2.gd');
ImageJPEG($im_main);
?>

The problem is _not_ ImageJPEG! You can reproduce the problem also with 
ImagePNG.

here is the backtrace:
----
Program received signal SIGSEGV, Segmentation fault.
gdImageJpegCtx (im=???, outfile=???, quality=???) at gd_jpeg.c:207
207                   int val = im->tpixels[i][j];
(gdb) bt
#0  gdImageJpegCtx (im=???, outfile=???, quality=???) at gd_jpeg.c:207
---

you can download the '2.gd' file under:
http://www.alberty.de/2.gd
 [2001-10-03 20:40 UTC] sniper@php.net 
Your example GD file crashes even the GD binaries (gdtopng)
and also the backtrace indicates that the problem is not in
PHP but in GD library itself. Please report this to the GD
library author instead.

--Jani
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Apr 29 15:01:29 2025 UTC