PHP :: Bug #20974 :: imagepstext crashes, when size is not set

Bug #20974	imagepstext crashes, when size is not set
Submitted:	2002-12-12 14:13 UTC	Modified:	2002-12-12 15:18 UTC
From:	mitja at doticni dot net	Assigned:
Status:	Closed	Package:	GD related
PHP Version:	4.3.0RC3	OS:	Linux Slackware 8.1
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2002-12-12 14:13 UTC] mitja at doticni dot net

Like summary says, I'm unable to draw with t1lib. My configure line is

./configure --with-t1lib --with-imagick --with-freetype-dir=/usr/local --with-apache=../test_apache_1.3.26 --with-png-dir=/usr/local --with-openssl --enable-bcmath --enable-calendar --enable-ftp --enable-gd-imgstrttf --with-gd --with-jpeg-dir=/usr/local --with-imap --with-mysql=/usr/local --enable-sockets --with-zlib --enable-inline-optimization --enable-track-vars --enable-gd-native-ttf --with-freetype --with-gettext --with-gdbm

GDB output is below

> gdb php    
[version info snipped] GNU gdb 5.2
(gdb) set args bug.php
(gdb) run
Starting program: /usr/local/bin/php bug.php

Program received signal SIGSEGV, Segmentation fault.
T1_ScaleOutline (path=0x0, scale=2) at t1outline.c:480
480         if (ipath->type==LINETYPE){
(gdb) bt
#0  T1_ScaleOutline (path=0x0, scale=2) at t1outline.c:480
#1  0x400bb5df in T1_AAFillOutline (path=0x0, modflag=0) at t1aaset.c:1494
#2  0x0809c78c in zif_imagepstext (ht=8, return_value=0x847d9dc, this_ptr=0x0, return_value_used=0)
    at /usr/src/php-4.3.0RC3/ext/gd/gd.c:3312
#3  0x0816999a in execute (op_array=0x837422c) at /usr/src/php-4.3.0RC3/Zend/zend_execute.c:1598
#4  0x0815a708 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-4.3.0RC3/Zend/zend.c:864
#5  0x0813852f in php_execute_script (primary_file=0xbffff898) at /usr/src/php-4.3.0RC3/main/main.c:1552
#6  0x08170454 in main (argc=2, argv=0xbffff914) at /usr/src/php-4.3.0RC3/sapi/cli/php_cli.c:746
#7  0x401d517d in __libc_start_main (main=0x816fc80 <main>, argc=2, ubp_av=0xbffff914, init=0x8081784 <_init>, 
    fini=0x8241f30 <_fini>, rtld_fini=0x4000a534 <_dl_fini>, stack_end=0xbffff90c) at ../sysdeps/generic/libc-start.c:129

And the script is very simple:

<?

$text='Copydown (C) 2003 Example.com';
$fontsize=13;
$fontfile="bchb.pfb";

$im=imagecreatetruecolor(512,512);

$c_text=imagecolorresolve($im, 0, 0, 0);
$c_bg=imagecolorresolve($im, 104,104,255);

$font=imagepsloadfont($fontfile);
$bbox=imagepsbbox($text, $font, $size);

$startx=imagesx($im)-10-$bbox[2];
$starty=imagesy($im)-10-$bbox[1];

imagepstext($im, $text, $font, $size, $c_text, $c_bg, $startx, $starty);

header("Content-type: image/png");
imagepng($im);

?>

It crashes both from command line and from Apache.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-12-12 14:32 UTC] iliaa@php.net

Could you please provide a copy of the 'bchb.pfb' font file, I cannot replicate the bug using the fonts I have on my system.
Also, what is the value of the $size variable?

[2002-12-12 14:35 UTC] mitja at doticni dot net

OK, thanks for pointing out that size is not set...

Summary was changed. The font is from t1lib distribution.

[2002-12-12 15:18 UTC] iliaa@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue May 07 13:01:35 2024 UTC