php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #17584 segmentation fault with imagefill and tiles
Submitted: 2002-06-03 20:06 UTC Modified: 2002-06-06 00:58 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: ryan at kaneda dot net Assigned:
Status: Closed Package: GD related
PHP Version: 4.2.1 OS: FreeBSD 4.5-STABLE
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2002-06-03 20:06 UTC] ryan at kaneda dot net 
<?php
$image=imageCreate(200,200);

$tile1=imageCreateFromPNG('./images/stars.png');
$tile2=imageCreateFromgif('./images/temperate_1.gif');
imageSetTile($image,$tile1);
imageFilledRectangle($image,0,0,200,200,IMG_COLOR_TILED);

$polygon=array(10,10,190,100,10,190,100,100,10,10);
imageSetTile($image,$tile2);
imageFilledPolygon($image,$polygon,5,IMG_COLOR_TILED);

imagePNG($image);
imageDestroy($image);
?>

Every time i would do an imagefill with IMG_COLOR_TILED set as the property color, Apache error reporting has this to say:
[Mon Jun 03 16:28:29 2002] [notice] child pid 10678 exit signal Segmentation fault (11)

Here are my configure options:
'./configure' '--with-apxs2=/usr/local/sbin/apxs' '--with-tsrm-pth' '--with-config-file-path=/usr/local/etc' '--enable-versioning' '--with-regex=system' '--without-gd' '--without-mysql' '--with-gd=/usr/local' '--enable-gd-native-ttf' '--with-freetype-dir=/usr/local' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--with-zlib' '--with-bz2=/usr' '--with-mysql=/usr/local' '--with-openssl=/usr' '--enable-sockets' '--enable-trans-sid' '--prefix=/usr/local' 'i386-portbld-freebsd4.5'  or, just look here: http://azazel.kaneda.net/phpinfo.php

I'd have to rebuild php to get the gdb backtrace, but I'll do it if required.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-03 20:16 UTC] sniper@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2002-06-05 14:29 UTC] ryan at kaneda dot net 
Okay, I hope this is what we're looking for:

Program received signal SIGSEGV, Segmentation fault.
0x286b9df5 in gdImageSetPixel () from /usr/local/lib/libgd.so.4
(gdb) bt
#0  0x286b9df5 in gdImageSetPixel () from /usr/local/lib/libgd.so.4
#1  0x286b9b06 in gdImageSetPixel () from /usr/local/lib/libgd.so.4
#2  0x286bb28b in gdImageFilledRectangle () from /usr/local/lib/libgd.so.4
#3  0x284049ad in ssl_expr_yytext () from /usr/local/libexec/apache2/libphp4.so
#4  0x283cb0fd in ssl_expr_yytext () from /usr/local/libexec/apache2/libphp4.so
#5  0x283da622 in ssl_expr_yytext () from /usr/local/libexec/apache2/libphp4.so
#6  0x283e822a in ssl_expr_yytext () from /usr/local/libexec/apache2/libphp4.so
#7  0x283e49b6 in ssl_expr_yytext () from /usr/local/libexec/apache2/libphp4.so
#8  0x806dbb7 in ap_pass_brigade ()
#9  0x8073f18 in default_handler ()
#10 0x80646f4 in ap_run_handler ()
#11 0x8064b85 in ap_invoke_handler ()
#12 0x8062006 in ap_process_request ()
#13 0x805e13d in ap_process_http_connection ()
#14 0x806c278 in ap_run_process_connection ()
#15 0x806c4ff in ap_process_connection ()
#16 0x80633ab in child_main ()
#17 0x8063468 in make_child ()
#18 0x806355a in startup_children ()
#19 0x806388f in ap_mpm_run ()
#20 0x80686de in main ()
#21 0x805dd8d in _start ()

---

Am I mistaken, is this a gd library error and not a php error?  The script executed was the same posted in the original report.  Let me know if there's anything else needed.
 [2002-06-05 14:38 UTC] ryan at kaneda dot net 
Oh crap... disregard that.  That's on a non debug php build.  Give me a second to redo the backtrace. 

heh.
 [2002-06-05 15:21 UTC] ryan at kaneda dot net 
okay, sorry about that.  Here's the *real* bt:

Program received signal SIGSEGV, Segmentation fault.
0x286c3df5 in gdImageSetPixel () from /usr/local/lib/libgd.so.4
(gdb) bt
#0  0x286c3df5 in gdImageSetPixel () from /usr/local/lib/libgd.so.4
#1  0x286c3b06 in gdImageSetPixel () from /usr/local/lib/libgd.so.4
#2  0x286c528b in gdImageFilledRectangle () from /usr/local/lib/libgd.so.4
#3  0x284097f2 in zif_imagefilledrectangle (ht=6, return_value=0x81a6268, this_ptr=0x0, return_value_used=0, tsrm_ls=0x812ba30)
    at gd.c:2004
#4  0x283caaa3 in execute (op_array=0x8127c28, tsrm_ls=0x812ba30) at ./zend_execute.c:1598
#5  0x283db37a in zend_execute_scripts (type=8, tsrm_ls=0x812ba30, retval=0x0, file_count=3) at zend.c:810
#6  0x283eaac2 in php_execute_script (primary_file=0xbfbff8dc, tsrm_ls=0x812ba30) at main.c:1381
#7  0x283e6ea6 in php_output_filter (f=0x818d350, bb=0x818dd48) at sapi_apache2.c:401

(gdb) frame 4
#4  0x283caaa3 in execute (op_array=0x8127c28, tsrm_ls=0x812ba30) at ./zend_execute.c:1598
1598                                                    ((zend_internal_function *) EX(function_state).function)->handler(EX(opline)->extended_value, EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr, return_value_used TSRMLS_CC);


----

Better?
 [2002-06-05 15:26 UTC] sniper@php.net 
This looks like some other bug which turned out to be a bug
in libpng (iirc). What version do you have there?
(and did you link PHP with the same libpng??)

I can't reproduce this with libpng 1.2.0 and GD 1.8.4.
 [2002-06-05 17:16 UTC] ryan at kaneda dot net 
I'm using gd 2.0.1 with libpng 1.2.0.  I'm installing all of it through FreeBSD ports, so if you may want to try reproducing there.
 [2002-06-05 19:30 UTC] sniper@php.net 
As you propably are aware, GD 2.0.1 is BETA. And the 
original author of GD hasn't updated it for a long long 
time..that's why there will be a bundled patched GD library 
in PHP 4.3.0. 

I fixed (hopefully correctly too, it works for me :) this 
segfault in the bundled GD library now.

You can grab the patched gd.c file from here to test it:

http://cvs.php.net/co.php/php4/ext/gd/libgd/gd.c?r=1.4&p=1

The patch is here: 

http://cvs.php.net/diff.php/php4/ext/gd/libgd/gd.c?r1=1.3&r2=1.4&ty=u

--Jani
 [2002-06-06 00:58 UTC] derick@php.net 
Just want to add that there is a known incompatibility between libpnh 1.2.x and libgd 2.x

Derick
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Apr 28 18:01:31 2024 UTC