php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #17773 segfault calling pdf_open_image_file with a tiff image
Submitted: 2002-06-15 11:24 UTC Modified: 2002-06-19 06:26 UTC
From: paolo at i-dome dot com Assigned:
Status: Closed Package: PDF related
PHP Version: 4.2.1 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: paolo at i-dome dot com
New email:
PHP Version: OS:

 

 [2002-06-15 11:24 UTC] paolo at i-dome dot com
Calling pdf_open_image_file with a tiff image, PHP get a segfault. This with different versions of pdflib and libtiff. I don't have this problem, when make the same operation with a C program compiled with the pdflib.

Thanks

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-15 11:28 UTC] paolo at i-dome dot com
With JPEG or PNG images i don't have problem.
 [2002-06-15 11:38 UTC] mfischer@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2002-06-15 19:31 UTC] sniper@php.net
Also how you build libpdf / PHP (the configure lines)
and information of all the versions of all related libraries is needed.

 [2002-06-16 03:33 UTC] paolo at i-dome dot com
Pdflib.4.0.2
libtiff-3.5.5-7

Configuration sring:
./configure --with-config-file-path=/etc/httpd/conf 
--enable-ftp --with-gd=/install/gd-2.0.1 -with-ttf 
--with-imap --with-ldap --with-mcal=../libmcal 
--with-mysql --with-pdflib --with-jpeg-dir --with-tiff-dir 
--with-zlib --with-curl --enable-xml 
--with-freetype-dir=/usr/local --enable-gd-native-ttf 
-enable-gd-imgstrttf -with-png-dir --enable-debug

RUnning gdb on the core file:
(gdb) bt
#0  0x816e02c in zend_llist_add_element (l=0x82d5f94, 
element=0xbffff900) at zend_llist.c:43
#1  0x815edf2 in open_file_for_scanning 
(file_handle=0xbffff900) at zend_language_scanner.c:2964
#2  0x815eea0 in compile_file (file_handle=0xbffff900, 
type=2) at zend_language_scanner.c:3006
#3  0x81766bb in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at zend.c:806
#4  0x807644a in php_execute_script 
(primary_file=0xbffff900) at main.c:1381
#5  0x807387c in main (argc=2, argv=0xbffff9b4) at 
cgi_main.c:778
#6  0x40310b65 in __libc_start_main (main=0x8072e6c 
<main>, argc=2, ubp_av=0xbffff9b4, init=0x8070c3c <_init>,
    fini=0x820ec7c <_fini>, rtld_fini=0x4000df24 
<_dl_fini>, stack_end=0xbffff9ac) at 
../sysdeps/generic/libc-start.c:111
#6  0x40310b65 in __libc_start_main (main=0x8072e6c 
<main>, argc=2, ubp_av=0xbffff9b4, init=0x8070c3c <_init>,
    fini=0x820ec7c <_fini>, rtld_fini=0x4000df24 
<_dl_fini>, stack_end=0xbffff9ac) at 
../sysdeps/generic/libc-start.c:111
111     ../sysdeps/generic/libc-start.c: File o directory 
inesistente.
(gdb) do
#5  0x807387c in main (argc=2, argv=0xbffff9b4) at 
cgi_main.c:778
778                                     if 
(php_execute_script(&file_handle TSRMLS_CC)) {
(gdb) do
#4  0x807644a in php_execute_script 
(primary_file=0xbffff900) at main.c:1381
1381                    retval = 
(zend_execute_scripts(ZEND_REQUIRE TSRMLS_CC, NULL, 3, 
prepend_file_p, primary_file, append_file_p) == SUCCESS);
(gdb) do
#3  0x81766bb in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at zend.c:806
806                     EG(active_op_array) = 
zend_compile_file(file_handle, ZEND_INCLUDE TSRMLS_CC);
(gdb) do
#2  0x815eea0 in compile_file (file_handle=0xbffff900, 
type=2) at zend_language_scanner.c:3006
3006            if (open_file_for_scanning(file_handle 
TSRMLS_CC)==FAILURE) {
(gdb) do
#1  0x815edf2 in open_file_for_scanning 
(file_handle=0xbffff900) at zend_language_scanner.c:2964
2964                    
zend_llist_add_element(&CG(open_files), file_handle);
(gdb) do
#0  0x816e02c in zend_llist_add_element (l=0x82d5f94, 
element=0xbffff900) at zend_llist.c:43
43                      l->tail->next = tmp;
 [2002-06-16 21:40 UTC] sniper@php.net
That backtrace doesn't show any kind of crash.
Please read the instructions at http://bugs.php.net/bugs-generating-backtrace.php 
how to create useful trace of the _crash_.

Also, add the shortest possible script used to this bug report which can be use to reproduce the crash.

 [2002-06-17 08:14 UTC] paolo at i-dome dot com
This is a example of script generating a core.
The same script sobstutiting a jpeg file or png file don't 
give crash. I have traied with different tiff file renamed 
in prova.tif, but all give a segfault.
I have, also, writed a C program with the same call 
linking whith pdflib and run correctly.


<?php
 
//Create & Open PDF-Object
$pdf = pdf_new();
pdf_open_file($pdf");
 
pdf_set_info($pdf, "Author","Paolo Morandi");
pdf_set_info($pdf, "Title","visure.cedcamera.com");
pdf_set_info($pdf, "Creator", "morandi@mi.camcom.it");
pdf_set_info($pdf, "Subject", "pdf_open_image_file");
 
 
$tiffimage="prova.tif";
$pdfimage=-1;
$pdfimage = pdf_open_image_file($pdf, "tiff",$tiffimage, 
"", 0);
pdf_begin_page($pdf, 842, 1190);
if($pdfimage > 0)
        pdf_place_image($pdf, $pdfimage, 0, 0, 1.0);
 
//close it up
pdf_end_page($pdf);
pdf_close($pdf);
 
$data = pdf_get_buffer($pdf);
header('Content-type: application/pdf');
header('Content-disposition: inline; filename=image.pdf');
header('Content-length: ' . strlen($data));
echo $data;
?>
 [2002-06-17 08:23 UTC] paolo at i-dome dot com
This is the effect running the program with gdb:

Starting program: /usr/local/bin/php exectiff1.php
 
Program received signal SIGSEGV, Segmentation fault.
0x816e02c in zend_llist_add_element (l=0x82d5f94, 
element=0xbffff920) at zend_llist.c:43
43                      l->tail->next = tmp;
 [2002-06-17 15:50 UTC] sniper@php.net
I couldn't reproduce this with pdflib 4.0.1...but this 
is actually problem with pdflib itself, NOT php. 
Check the patches here:

http://www.pdflib.com/pdflib/patches.html

I tried the pdflib 4.0.2 with the patch and it works just fine. 

--Jani

 [2002-06-18 06:11 UTC] paolo at i-dome dot com
Thanks, 
i have applied the patches to pdflib and relinked php but the problem are the same.
Why, if i try with a C program calling directly the functions  from pdflib i don't have problems?
 [2002-06-18 17:00 UTC] sniper@php.net
It's either that you're doing something wrong or that
this is actually some bug in PHP 4.2.1 which is fixed
in the CVS (I use the very latest sources) and that's 
why I can't reproduce it. For me PDFlib 4.0.2 did the same
as for you without the patches though..

Are you 100% sure you have applied the patch correctly?
And you did compile/install the new patched one?

Please try with this snapshot:

http://snaps.php.net/php4-latest.tar.gz

And DO NOT replace the ext/pdf with the one that comes with
pdflib sources.

 [2002-06-19 06:26 UTC] paolo at i-dome dot com
Sorry, i have recomiled, reinstalled pdflib, reconfigured and recompiled completly php and now work.

Thanks

Paolo
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Jan 26 14:01:24 2020 UTC