|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21518 ImageCreateFromString() causes segmentation fault
Submitted: 2003-01-08 10:22 UTC Modified: 2003-01-08 12:12 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: jaldinger at consulturdorado dot com Assigned: iliaa
Status: Closed Package: Reproducible crash
PHP Version: 4.3.0 OS: Redhat Linux 7.2
Private report: No CVE-ID:
 [2003-01-08 10:22 UTC] jaldinger at consulturdorado dot com
The following script crashes and never gets to process anything below imagecreatefromstring(). When using the same script with a supported image type (JPG/PNG/GIF/etc.), the script runs fine. Note: The original script gets $data from a database instead of from a file.

    $data      = file_get_contents('any-unsupported-image.psd');
    $source_id = imagecreatefromstring($data);

Here's my configure line:
'./configure' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/usr/com' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-apxs=/usr/sbin/apxs' '--enable-force-cgi-redirect' '--enable-discard-path' '--with-layout=GNU' '--with-config-file-path=/etc' '--enable-safe-mode' '--with-exec-dir=/usr/bin' '--enable-magic-quotes' '--disable-rpath' '--with-openssl' '--with-zlib' '--enable-bcmath' '--with-bz2' '--enable-calendar' '--with-curl' '--enable-dbx' '--enable-dio' '--with-dom' '--with-dom-xslt' '--with-dom-exslt' '--enable-exif' '--enable-ftp=shared' '--with-gd' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-ttf' '--with-freetype-dir=/usr' '--enable-gd-native-ttf' '--with-gettext=shared' '--with-iconv' '--with-imap=shared' '--with-kerberos' '--with-imap-ssl' '--with-ldap=shared' '--enable-mbstring' '--with-mysql=shared,/usr' '--with-unixODBC=shared' '--with-pfpro' '--with-pgsql=shared' '--with-pspell' '--enable-shmop' '--with-snmp=shared,/usr' '--enable-ucd-snmp-hack' '--enable-sockets' '--with-regex=system' '--enable-sysvsem' '--enable-sysvshm' '--enable-wddx' '--with-expat-dir=/usr' '--enable-yp' '--with-zip' '--enable-versioning' '--with-pic' '--enable-memory-limit'

The Apache error log contains the following error:
[Wed Jan  8 11:46:00 2003] [notice] child pid 25614 exit signal Segmentation fault (11)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-08 11:53 UTC]
Could you please a provide a sample file that always causes a segmentation fault?
 [2003-01-08 12:02 UTC] jaldinger at consulturdorado dot com
Try with this one:
 [2003-01-08 12:04 UTC] jaldinger at consulturdorado dot com
Information about the PHP build is also available at:
 [2003-01-08 12:12 UTC]
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at
In case this was a documentation problem, the fix will show up soon at

In case this was a website problem, the change will show
up on the site and on the mirror sites in short time.
Thank you for the report, and for helping us make PHP better.

 [2004-08-06 00:09 UTC] bpl at kodu dot net
I was able to reproduce same error with php 4.3.4

image used in test:

simple upload script was used (from tiki-wiki)
$fp = fopen($_FILES['userfile1']['tmp_name'],"rb");
$data = fread($fp,filesize($_FILES['userfile1']['tmp_name']));

//following displayes image correctly in browser:
echo $data;

//this crashes apache thread/php
$img = imagecreatefromstring($data);

My system is up-to-date debian sid (updated 05 aug. 2004).

My php configure (debian sid default php4 package):
'../configure' '--prefix=/usr' '--with-apxs=/usr/bin/apxs' '--with-regex=php' '--with-config-file-path=/etc/php4/apache' '--disable-rpath' '--enable-memory-limit' '--disable-debug' '--with-layout=GNU' '--with-pear=/usr/share/php' '--enable-calendar' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-trans-sid' '--enable-bcmath' '--with-bz2' '--enable-ctype' '--with-db4' '--with-iconv' '--enable-exif' '--enable-filepro' '--enable-ftp' '--with-gettext' '--enable-mbstring' '--with-pcre-regex=/usr' '--enable-shmop' '--enable-sockets' '--enable-wddx' '--disable-xml' '--with-expat-dir=/usr' '--enable-yp' '--with-zlib' '--without-pgsql' '--with-kerberos=/usr' '--with-openssl=/usr' '--with-exec-dir=/usr/lib/php4/libexec' '--disable-static' '--with-curl=shared,/usr' '--with-dom=shared,/usr' '--with-dom-xslt=shared,/usr' '--with-dom-exslt=shared,/usr' '--with-zlib-dir=/usr' '--with-gd=shared,/usr' '--enable-gd-native-ttf' '--with-jpeg-dir=shared,/usr' '--with-xpm-dir=shared,/usr/X11R6' '--with-png-dir=shared,/usr' '--with-freetype-dir=shared,/usr' '--with-imap=shared,/usr' '--with-imap-ssl' '--with-ldap=shared,/usr' '--with-mcal=shared,/usr' '--with-mhash=shared,/usr' '--with-mm' '--with-mysql=shared,/usr' '--with-unixODBC=shared,/usr' '--with-recode=shared,/usr' '--enable-xslt=shared' '--with-xslt-sablot=shared,/usr' '--with-snmp=shared' '--enable-ucd-snmp-hack' '--with-sybase-ct=shared,/usr' '--with-ttf=shared,/usr' '--with-t1lib=shared,/usr' 

Thank you.
 [2004-08-06 01:32 UTC] bpl at kodu dot net
Also, php 4.3.8 is no better, result is exactly same.
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Mon Nov 30 04:01:31 2015 UTC