php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21518 ImageCreateFromString() causes segmentation fault
Submitted: 2003-01-08 10:22 UTC Modified: 2003-01-08 12:12 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: jaldinger at consulturdorado dot com Assigned: iliaa
Status: Closed Package: Reproducible crash
PHP Version: 4.3.0 OS: Redhat Linux 7.2
Private report: No CVE-ID:
 [2003-01-08 10:22 UTC] jaldinger at consulturdorado dot com
The following script crashes and never gets to process anything below imagecreatefromstring(). When using the same script with a supported image type (JPG/PNG/GIF/etc.), the script runs fine. Note: The original script gets $data from a database instead of from a file.

<?php
    $data      = file_get_contents('any-unsupported-image.psd');
    $source_id = imagecreatefromstring($data);
    print_r($source_id);
?>

Here's my configure line:
'./configure' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/libexec' '--datadir=/usr/share' '--sysconfdir=/etc' '--sharedstatedir=/usr/com' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-apxs=/usr/sbin/apxs' '--enable-force-cgi-redirect' '--enable-discard-path' '--with-layout=GNU' '--with-config-file-path=/etc' '--enable-safe-mode' '--with-exec-dir=/usr/bin' '--enable-magic-quotes' '--disable-rpath' '--with-openssl' '--with-zlib' '--enable-bcmath' '--with-bz2' '--enable-calendar' '--with-curl' '--enable-dbx' '--enable-dio' '--with-dom' '--with-dom-xslt' '--with-dom-exslt' '--enable-exif' '--enable-ftp=shared' '--with-gd' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--with-ttf' '--with-freetype-dir=/usr' '--enable-gd-native-ttf' '--with-gettext=shared' '--with-iconv' '--with-imap=shared' '--with-kerberos' '--with-imap-ssl' '--with-ldap=shared' '--enable-mbstring' '--with-mysql=shared,/usr' '--with-unixODBC=shared' '--with-pfpro' '--with-pgsql=shared' '--with-pspell' '--enable-shmop' '--with-snmp=shared,/usr' '--enable-ucd-snmp-hack' '--enable-sockets' '--with-regex=system' '--enable-sysvsem' '--enable-sysvshm' '--enable-wddx' '--with-expat-dir=/usr' '--enable-yp' '--with-zip' '--enable-versioning' '--with-pic' '--enable-memory-limit'

The Apache error log contains the following error:
[Wed Jan  8 11:46:00 2003] [notice] child pid 25614 exit signal Segmentation fault (11)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-01-08 11:53 UTC] iliaa@php.net
Could you please a provide a sample file that always causes a segmentation fault?
 [2003-01-08 12:02 UTC] jaldinger at consulturdorado dot com
Try with this one:

http://www.kis.fotodom.com/gfx/test.psd
 [2003-01-08 12:04 UTC] jaldinger at consulturdorado dot com
Information about the PHP build is also available at:
http://www.kis.fotodom.com/phpinfo.php
 [2003-01-08 12:12 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 [2004-08-06 00:09 UTC] bpl at kodu dot net
I was able to reproduce same error with php 4.3.4

image used in test: http://www.kodu.net/PICT2029.JPG

simple upload script was used (from tiki-wiki)
<?php
$fp = fopen($_FILES['userfile1']['tmp_name'],"rb");
$data = fread($fp,filesize($_FILES['userfile1']['tmp_name']));
fclose($fp);

//following displayes image correctly in browser:
echo $data;

//this crashes apache thread/php
$img = imagecreatefromstring($data);
?>

My system is up-to-date debian sid (updated 05 aug. 2004).

My php configure (debian sid default php4 package):
'../configure' '--prefix=/usr' '--with-apxs=/usr/bin/apxs' '--with-regex=php' '--with-config-file-path=/etc/php4/apache' '--disable-rpath' '--enable-memory-limit' '--disable-debug' '--with-layout=GNU' '--with-pear=/usr/share/php' '--enable-calendar' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-trans-sid' '--enable-bcmath' '--with-bz2' '--enable-ctype' '--with-db4' '--with-iconv' '--enable-exif' '--enable-filepro' '--enable-ftp' '--with-gettext' '--enable-mbstring' '--with-pcre-regex=/usr' '--enable-shmop' '--enable-sockets' '--enable-wddx' '--disable-xml' '--with-expat-dir=/usr' '--enable-yp' '--with-zlib' '--without-pgsql' '--with-kerberos=/usr' '--with-openssl=/usr' '--with-exec-dir=/usr/lib/php4/libexec' '--disable-static' '--with-curl=shared,/usr' '--with-dom=shared,/usr' '--with-dom-xslt=shared,/usr' '--with-dom-exslt=shared,/usr' '--with-zlib-dir=/usr' '--with-gd=shared,/usr' '--enable-gd-native-ttf' '--with-jpeg-dir=shared,/usr' '--with-xpm-dir=shared,/usr/X11R6' '--with-png-dir=shared,/usr' '--with-freetype-dir=shared,/usr' '--with-imap=shared,/usr' '--with-imap-ssl' '--with-ldap=shared,/usr' '--with-mcal=shared,/usr' '--with-mhash=shared,/usr' '--with-mm' '--with-mysql=shared,/usr' '--with-unixODBC=shared,/usr' '--with-recode=shared,/usr' '--enable-xslt=shared' '--with-xslt-sablot=shared,/usr' '--with-snmp=shared' '--enable-ucd-snmp-hack' '--with-sybase-ct=shared,/usr' '--with-ttf=shared,/usr' '--with-t1lib=shared,/usr' 


Thank you.
 [2004-08-06 01:32 UTC] bpl at kodu dot net
Also, php 4.3.8 is no better, result is exactly same.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 21:01:56 2014 UTC