Bug #19704 ImageTrueColorToPalette() kills PHP
Submitted: 2002-10-01 22:15 UTC Modified: 2002-10-06 12:24 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: sprice at wisc dot edu Assigned:
Status: Closed Package: GD related
PHP Version: 4CVS-2002-10-02 OS: Darwin 6 (Mac OS 10.2)
Private report: No CVE-ID: None
 [2002-10-01 22:15 UTC] sprice at wisc dot edu
This code creates the same error as described here:
http://bugs.php.net/bug.php?id=19700
The two may be related.

If the "ImageTrueColorToPalette" line is commented out this works fine.

<?php
header( "Content-type: image/png" );

$img = ImageCreateTrueColor( 800, 600 );

ImageTrueColorToPalette( $img, 'TRUE', 256 );

ImagePNG( $img );
ImageDestroy( $img );
?>

 [2002-10-02 08:09 UTC] iliaa@php.net
'kills php'? Does this mean PHP crashes, if so, please provide a backtrace of the crash. Otherwise, please provide more information about this 'killing of php'.

Note: The test script works fine on both Linux & Windows running latest CVS.
 [2002-10-02 09:21 UTC] sprice at wisc dot edu
"Kills PHP" means the same error as in the other bug.

Here is what I see from top:
(1 sec)
 1482 httpd       27.4%  0:10.96   1     8   164  3.77M- 13.1M+ 6.34M  38.2M+
(1 sec)
 1514 c++filt3     0.0%  0:00.01   1     9    14    48K   396K   268K  1.37M 
 1513 crashdump  102.5%  0:01.35   2    15   405  25.2M+ 21.1M+ 33.2M+ 59.7M+
 1482 httpd        0.0%  0:10.96   1     8   164  3.77M  13.1M+ 6.34M  38.2M 
(1 sec)
 1514 c++filt3     0.0%  0:00.01   1     9    14    48K   396K   268K  1.37M 
 1513 crashdump   99.8%  0:02.40   2    15   405  25.2M  21.1M  33.2M  59.7M 
 1512 top          4.7%  0:00.42   1    15    18   208K   376K   488K  13.8M 
 1482 httpd        0.0%  0:10.96   1     8   164  3.77M  13.1M  6.34M  38.2M 

I got a core, I don't know if it is of much help tho:
#0  0x90004c88 in __sfvwrite ()
#1  0x90005b24 in fwrite ()
#2  0x007ec104 in ?? ()
#3  0x007eb4f8 in ?? ()
#4  0x007ec8f4 in ?? ()
#5  0x009ba278 in ?? ()
#6  0x009c3888 in ?? ()
#7  0x009afdc4 in ?? ()
#8  0x009aff94 in ?? ()
#9  0x007ee058 in ?? ()
#10 0x007ed72c in ?? ()
#11 0x007f54fc in ?? ()
#12 0x007d00b4 in ?? ()
#13 0x009a42a4 in ?? ()
#14 0x0098bc58 in ?? ()
#15 0x009420c8 in ?? ()
#16 0x009aa04c in ?? ()
#17 0x009ab278 in ?? ()
#18 0x009ab2f8 in ?? ()
#19 0x0000c4b4 in ap_invoke_handler ()
#20 0x000160b4 in process_request_internal ()
#21 0x00016144 in ap_process_request ()
#22 0x00005b48 in child_main ()
#23 0x00005d08 in make_child ()
#24 0x00005e74 in startup_children ()
#25 0x00006470 in standalone_main ()
#26 0x00006ce8 in main ()
#27 0x00001bb0 in _start ()
#28 0x00001a30 in start ()

This is the first time that I have got a core dump, so I am not sure that I did everything right. (just tell me :-)
 [2002-10-02 10:31 UTC] sniper@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2002-10-02 10:41 UTC] sprice at wisc dot edu
Ahhh... Much better this time.

Program received signal EXC_BAD_ACCESS, Could not access memory.
0x90004c88 in __sfvwrite ()
(gdb) bt
#0  0x90004c88 in __sfvwrite ()
#1  0x90005b24 in fwrite ()
#2  0x007ec104 in filePutbuf (ctx=0x5cdfd0, buf=0xbfffc430, size=8) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_io_file.c:93
#3  0x007eb4f8 in gdPutBuf (buf=0xbfffc430, size=8, ctx=0x5cdfd0) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_io.c:150
#4  0x007ec8f4 in gdPngWriteData (png_ptr=0x6fcfa0, data=0xbfffc430 "\211PNG\r\n\032\n", length=8) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_png.c:89
#5  0x009ba278 in png_write_data ()
#6  0x009c3888 in png_write_sig ()
#7  0x009afdc4 in png_write_info_before_PLTE ()
#8  0x009aff94 in png_write_info ()
#9  0x007ee058 in gdImagePngCtx (im=0x6b9d90, outfile=0x5cdfd0) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_png.c:655
#10 0x007ed72c in gdImagePng (im=0x6b9d90, outFile=0x0) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_png.c:424
#11 0x007f54fc in gdImageTrueColorToPalette (im=0x1a1d00, dither=1, colorsWanted=256) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_topal.c:1574
#12 0x007d00b4 in zif_imagetruecolortopalette (ht=3, return_value=0x1a01e8, this_ptr=0x0, return_value_used=0) at /usr/local/php-cvs/php4-200210020600/ext/gd/gd.c:645
#13 0x009a42a4 in execute (op_array=0x19f3c8) at /usr/local/php-cvs/php4-200210020600/Zend/zend_execute.c:1597
#14 0x0098bc58 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/php-cvs/php4-200210020600/Zend/zend.c:834
#15 0x009420c8 in php_execute_script (primary_file=0xbfffec80) at /usr/local/php-cvs/php4-200210020600/main/main.c:1545
#16 0x009aa04c in apache_php_module_main (r=0x192d58, display_source_mode=0) at /usr/local/php-cvs/php4-200210020600/sapi/apache/sapi_apache.c:55
#17 0x009ab278 in send_php (r=0x192d58, display_source_mode=0, filename=0x194900 "/Library/WebServer/Documents/riverdata/scripts/test2.php") at /usr/local/php-cvs/php4-200210020600/sapi/apache/mod_php4.c:564
#18 0x009ab2f8 in send_parsed_php (r=0x192d58) at /usr/local/php-cvs/php4-200210020600/sapi/apache/mod_php4.c:579
#19 0x0000c4b4 in ap_invoke_handler ()
#20 0x000160b4 in process_request_internal ()
#21 0x00016144 in ap_process_request ()
#22 0x00005b48 in child_main ()
#23 0x00005d08 in make_child ()
#24 0x00005e74 in startup_children ()
#25 0x00006470 in standalone_main ()
#26 0x00006ce8 in main ()
#27 0x00001bb0 in _start ()
#28 0x00001a30 in start ()
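
One way to read the symbolized backtrace above for null pointer arguments, as an added example that is not part of the original thread or of PHP/libgd. The function names `parse_frames`, `null_pointer_args` and `triage` are hypothetical, and the embedded frames are a subset copied from the post.

```python
import re

# Subset of frames copied from the gdb backtrace in the post above.
BACKTRACE = r"""
#0  0x90004c88 in __sfvwrite ()
#1  0x90005b24 in fwrite ()
#2  0x007ec104 in filePutbuf (ctx=0x5cdfd0, buf=0xbfffc430, size=8) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_io_file.c:93
#10 0x007ed72c in gdImagePng (im=0x6b9d90, outFile=0x0) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_png.c:424
#11 0x007f54fc in gdImageTrueColorToPalette (im=0x1a1d00, dither=1, colorsWanted=256) at /usr/local/php-cvs/php4-200210020600/ext/gd/libgd/gd_topal.c:1574
#12 0x007d00b4 in zif_imagetruecolortopalette (ht=3, return_value=0x1a01e8, this_ptr=0x0, return_value_used=0) at /usr/local/php-cvs/php4-200210020600/ext/gd/gd.c:645
"""

# "#N  0xADDR in func (args) at file:line"; the "at ..." part is absent without symbols.
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\S+) \((.*?)\)(?: at (\S+))?$", re.M)
ARG_RE = re.compile(r"(\w+)=([^,]+)")

def parse_frames(text):
    """Turn gdb 'bt' lines into dicts: frame number, function, args, source location."""
    return [{"n": int(n), "func": func, "args": dict(ARG_RE.findall(args)), "loc": loc or None}
            for n, func, args, loc in FRAME_RE.findall(text)]

def null_pointer_args(frames):
    """Every (frame, function, argument) that gdb printed as the null pointer 0x0."""
    return [(f["n"], f["func"], name)
            for f in frames for name, value in f["args"].items() if value.strip() == "0x0"]

def triage(text):
    """Report where the fault hit, the innermost frame given a null pointer, and its caller."""
    frames = parse_frames(text)
    hits = null_pointer_args(frames)
    suspect = min(hits) if hits else None  # lowest frame number = closest to the fault
    caller = None
    if suspect:
        caller = next(((f["func"], f["loc"]) for f in frames if f["n"] == suspect[0] + 1), None)
    return {"fault_in": frames[0]["func"], "null_args": hits, "suspect": suspect, "passed_by": caller}

if __name__ == "__main__":
    for key, value in triage(BACKTRACE).items():
        print(f"{key}: {value}")
```

Not every `0x0` is a defect; the hit closest to the faulting frame is the one to inspect first.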
 [2002-10-02 10:42 UTC] rasmus@php.net
Which version of libpng?
 [2002-10-02 10:58 UTC] sprice at wisc dot edu
PNG v1.2.4
 [2002-10-02 11:00 UTC] sprice at wisc dot edu
I am getting lines in the error log now (I wasn't in PHP v4.2.3).

It seems to be stuck in some sort of loop:

[Wed Oct  2 10:53:02 2002] [notice] child pid 25019 exit signal Bus error (10)
[Wed Oct  2 10:53:03 2002] [notice] child pid 25018 exit signal Bus error (10)
 [2002-10-02 11:11 UTC] rasmus@php.net
But was 4.2.3 compiled against the same version of libpng?  There are known issues with libpng 1.2.x.  The 1.0.x versions don't have these problems.
 [2002-10-02 12:15 UTC] sprice at wisc dot edu
Yep, I haven't changed versions of libpng. Everything has been compiled against v1.2.4. Should I downgrade to v1.0.x?
 [2002-10-02 12:26 UTC] rasmus@php.net
Just to give us another datapoint it would be interesting to see if the crash is the same with libpng-1.0.x
 [2002-10-02 13:11 UTC] sprice at wisc dot edu
I have tried libpng v1.0.14 using both "--with-gd=/usr/local" and "--with-gd=php" and I recompiled GD with the old version of libpng. I wish you guys would include the version of png in phpinfo() so I know that I grabbed the correct version of libpng.

Anyway, the error remains the same as ever.
 [2002-10-04 17:45 UTC] ndsantos at nuxworks dot net
I encounter the same error in Linux but not in Windows. 

The problem occurs when the script is run through a browser but works fine when run from the command line.
 [2002-10-05 01:45 UTC] iliaa@php.net
Can you try the latest libpng (libpng 1.2.5)? The problem seems to be particular to Mac OS, since *something* causes the filePutbuf() function inside the gd library to get an incorrect size of data to write, resulting in the bug you are seeing.
For the record, I am unable to replicate this bug on Linux.
 [2002-10-05 10:03 UTC] sprice at wisc dot edu
Tried it, still doesn't work. I wish you guys would make the libpng version show up in phpinfo() so I could be sure I compiled everything right. If everything worked as advertised, I compiled libpng v1.2.5rc3. I configured with "--with-gd=/usr/local" and "--with-gd=php"
 [2002-10-05 21:27 UTC] sprice at wisc dot edu
I tried both libpng v1.0.15 and v1.2.5. Same problem.
 [2002-10-06 02:29 UTC] rasmus@php.net
I think I fixed this in CVS - please test.  It doesn't crash on my box so I can't really test it.  It was one of these super-intelligent fixes.  I couldn't figure out what the code that was crashing was doing, so I just removed it.  You can see the patch here:


http://news.php.net/article.php?group=php.cvs&article=14592
 [2002-10-06 12:24 UTC] sprice at wisc dot edu
I grabbed the cvs snapshot, tested it nice and good, and it seems to work great. You did good. I did uncover another bug in ImageTrueColorToPalette(), but it seems like a different bug so I am going to report it as such. It is bug #19781.
( http://bugs.php.net/bug.php?id=19781 )

<girlfriend>
*hugs* for all!  Thanks for all your great help you gave my boyfriend!  You guys are great!
</girlfriend>
 