Bug #24956 GDlib crash running stable code
Submitted: 2003-08-05 19:35 UTC Modified: 2007-04-30 09:37 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: danielsabsay at pacbell dot net Assigned: pajoye (profile)
Status: Not a bug Package: GD related
PHP Version: 4.3.2 OS: MacOS 10.2.6
Private report: No CVE-ID: None

 [2003-08-05 19:35 UTC] danielsabsay at pacbell dot net
Description:
------------
Using installation package for MacOS X. Code using GD functions causes crash. There are 3 crash log summaries. GD library is version 2.0.12

Actual result:
--------------
Thread 0 Crashed:
#0   0x01d1b9ec in fontTest (gdft.c:337)
#1   0x90004a44 in malloc_zone_malloc
#2   0x01d1b828 in gdCacheGet (gdcache.c:108)
#3   0x01d1c518 in gdImageStringFTEx (gdft.c:855)
#4   0x01d1c3a8 in gdImageStringFT (gdft.c:784)
#5   0x03817130 in php_imagettftext_common (gd.c:3068)
#6   0x03963144 in execute (zend_execute.c:1606)
#7   0x0396330c in execute (zend_execute.c:1652)
#8   0x03954f84 in zend_execute_scripts (zend.c:870)
#9   0x03929860 in php_execute_script (main.c:1673)
#10  0x03967bc8 in php_handler (sapi_apache2.c:525)
#11  0x0001ee64 in ap_run_handler (config.c:195)
#12  0x0001f5ec in ap_invoke_handler (config.c:403)
#13

KERN_INVALID_ADDRESS (0x0001) at 0x2f747265
Thread 0 Crashed:
#0   0x01d1b81c in gdCacheGet (gdcache.c:108)
#1   0x01d1c518 in gdImageStringFTEx (gdft.c:855)
#2   0x01d1c3a8 in gdImageStringFT (gdft.c:784)
#3   0x03817130 in php_imagettftext_common (gd.c:3068)
#4   0x03963144 in execute (zend_execute.c:1606)
#5   0x0396330c in execute (zend_execute.c:1652)
#6   0x03954f84 in zend_execute_scripts (zend.c:870)
#7   0x03929860 in php_execute_script (main.c:1673)
#8   0x03967bc8 in php_handler (sapi_apache2.c:525)
#9   0x0001ee64 in ap_run_handler (config.c:195)
#10  0x0001f5ec in ap_invoke_handler (config.c:403)
#11  0x00007cb4 in ap_process_request (http_request.c:292)
#12  0x00002cec in ap_proc


in gdCacheDelete (gdcache.c:90)
#1   0x01d1c348 in gdFreeFontCache (gdft.c:773)
#2   0x0380beec in zm_deactivate_gd (gd.c:384)
#3   0x03957c48 in module_registry_cleanup (zend_API.c:1175)
#4   0x0395a0e4 in zend_hash_apply (zend_hash.c:688)
#5   0x03954830 in zend_deactivate_modules (zend.c:635)
#6   0x039280f8 in php_request_shutdown (main.c:974)
#7   0x03967bec in php_handler (sapi_apache2.c:542)
#8   0x0001ee64 in

 [2003-08-06 09:23 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

Also, you need to give us the exact configure line you have used. (Note: we don't support the use of external GD libraries; use the bundled one, which contains several fixes.)

 [2003-08-10 21:49 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 [2007-04-29 21:05 UTC] mail1878743 at handymail dot org
Same error under debian GNU/Linux_x64 with php 5.2.1:

#0  0x00002ac7ffffffff in ?? ()
#1  0x00002ac71ca19123 in ?? () from /usr/lib/libfreetype.so.6
#2  0x00002ac71ca191e0 in FT_Done_Face () from /usr/lib/libfreetype.so.6
#3  0x00002ac71c8cef6d in ?? () from /usr/lib/libgd.so.2
#4  0x00002ac71c8cd65d in gdCacheDelete () from /usr/lib/libgd.so.2
#5  0x00002ac71c8cf5a6 in gdFontCacheShutdown () from /usr/lib/libgd.so.2
#6  0x00002ac71c0115c9 in zm_deactivate_gd (type=16158400, module_number=16224416, tsrm_ls=0x1522e20) at ext/gd/gd.c:1303
#7  0x00002ac71c23d4cf in module_registry_cleanup (module=<value optimized out>, tsrm_ls=0x1522e20) at Zend/zend_API.c:1945
#8  0x00002ac71c246b58 in zend_hash_apply (ht=0x2ac71c7abec0, apply_func=0x2ac71c23d4b0 <module_registry_cleanup>, tsrm_ls=0xd8ca40)
    at Zend/zend_hash.c:673
#9  0x00002ac71c23b0b0 in zend_deactivate_modules (tsrm_ls=0xd8ca40) at Zend/zend.c:839
#10 0x00002ac71c1f2495 in php_request_shutdown (dummy=<value optimized out>) at main/main.c:1293
 [2007-04-29 21:14 UTC] pajoye@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

"Same error under debian GNU/Linux_x64 with php 5.2.1:"

Please try using the last 5.2 snapshot and RC. If you still have this problem:

Do you compile php yourself?
Which GD do you use? Bundled or external?
Do you have a script?

Please note that we do not support Debian packages, only installs done from the official sources (that's true for the external libgd too, Debian's libgd being everything but clean).




 [2007-04-30 08:29 UTC] mail1883947 at handymail dot org
It still crashes.  I compiled libgd 2.0.34 and php from http://snaps.php.net/php5.2-latest.tar.gz by myself using the --enable-maintainer-zts configure flag.
The error happens on every page when the gd is accessed by two threads (probably this is the reason the crash happens in different places); when I access only one image it works well.

This example is enough to cause the crash:
http://it.php.net/manual/en/ref.image.php#60410

#0  0x00002b4117be2450 in TT_RunIns () from /usr/lib/libfreetype.so.6
#1  0x00002b4117bdb3af in ?? () from /usr/lib/libfreetype.so.6
#2  0x00002b4117bd1979 in FT_New_Size () from /usr/lib/libfreetype.so.6
#3  0x00002b4117984c58 in gdImageStringFTEx (im=0xf7e7a0, brect=0x438012d0, fg=2, fontlist=<value optimized out>, ptsize=8, angle=-0.26179938779914941, 
    x=0, y=54, string=0xdced58 "80", strex=0x0) at gdft.c:976
#4  0x00002b4117984f8b in gdImageStringFT (im=0x41, brect=0x41, fg=62, fontlist=0x3f <Address 0x3f out of bounds>, ptsize=512, angle=63302.914951680381, 
    x=0, y=0, string=0xdced58 "80") at gdft.c:811
#5  0x00002b41170be6d9 in php_imagettftext_common (ht=<value optimized out>, return_value=0xdced08, return_value_ptr=<value optimized out>, 
    this_ptr=<value optimized out>, return_value_used=<value optimized out>, tsrm_ls=0xd9ae40, mode=0, extended=0)
    at /opt/php5.2-200704300630/ext/gd/gd.c:4260
#6  0x00002b41170be768 in zif_imagettftext (ht=65, return_value=0x41, return_value_ptr=0x3e, this_ptr=0x3f, return_value_used=0, tsrm_ls=0x0)
    at /opt/php5.2-200704300630/ext/gd/gd.c:4164
#7  0x00002b41173232fc in zend_do_fcall_common_helper_SPEC (execute_data=0x43802950, tsrm_ls=0xd9ae40)
    at /opt/php5.2-200704300630/Zend/zend_vm_execute.h:200
#8  0x00002b411731098f in execute (op_array=0xc9eed0, tsrm_ls=0xd9ae40) at /opt/php5.2-200704300630/Zend/zend_vm_execute.h:92
#9  0x00002b4117322cf7 in zend_do_fcall_common_helper_SPEC (execute_data=0x43802e00, tsrm_ls=0xd9ae40)
    at /opt/php5.2-200704300630/Zend/zend_vm_execute.h:234
#10 0x00002b411731098f in execute (op_array=0xdcbef8, tsrm_ls=0xd9ae40) at /opt/php5.2-200704300630/Zend/zend_vm_execute.h:92
#11 0x00002b41172ee13a in zend_execute_scripts (type=8, tsrm_ls=0xd9ae40, retval=0x3e, file_count=3) at /opt/php5.2-200704300630/Zend/zend.c:1134
#12 0x00002b41172a329b in php_execute_script (primary_file=0x43805350, tsrm_ls=0xd9ae40) at /opt/php5.2-200704300630/main/main.c:1794
 [2007-04-30 09:37 UTC] pajoye@php.net
"It still crashes.  I compiled libgd 2.0.34 and php from
http://snaps.php.net/php5.2-latest.tar.gz by myself using the
--enable-maintainer-zts configure flag."

Please use the bundled library. It contains more fixes and features. It also has better thread support. To compile php using the bundled version, do:

"./configure" "--with-gd" ... instead of "--with-gd=/opt/"

It is clearly one of the thread safety fixes in 5.2.1 and 5.2.2 and only available in the bundled library. GD 2.1.0 will have them, but that does not change the golden rule: always use the bundled library :)

Cannot be fixed in php, it is not a php bug per se > bogus.
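
A way to audit a host for the build combination discussed in this report (a thread-safe PHP build linked against an external libgd), added here as an example and not part of the original report or the PHP project's code. The function name `gd_thread_risk` and its verdict labels are hypothetical; the sample inputs are constructed and assume the `Name => value` text that `php -i` prints.

```shell
#!/bin/sh
# Classify a PHP build from `php -i` text read on stdin.
# Verdicts (labels chosen for this example):
#   no-gd         GD extension not loaded
#   bundled       bundled GD in use, the configuration recommended above
#   external-zts  external libgd in a thread-safe (ZTS) build, the
#                 configuration that crashed in this report
#   external-nts  external libgd, non-thread-safe build
gd_thread_risk() {
  awk -F ' => ' '
    $1 == "Thread Safety" { zts = ($2 ~ /^enabled/) }
    $1 == "GD Version"    { gd = $2 }
    END {
      if (gd == "")             print "no-gd"
      else if (gd ~ /^bundled/) print "bundled"
      else if (zts)             print "external-zts"
      else                      print "external-nts"
    }'
}

# Constructed sample: ZTS build with an external libgd, as in the 2007 comments.
SAMPLE_EXTERNAL_ZTS='Thread Safety => enabled
GD Support => enabled
GD Version => 2.0.34
FreeType Support => enabled'

# Constructed sample: same build after configuring with a bare --with-gd.
SAMPLE_BUNDLED_ZTS='Thread Safety => enabled
GD Support => enabled
GD Version => bundled (2.0.34 compatible)
FreeType Support => enabled'

# Constructed sample: build without the GD extension.
SAMPLE_NO_GD='Thread Safety => disabled
PHP Version => 5.2.1'

printf 'external libgd + ZTS : %s\n' "$(printf '%s\n' "$SAMPLE_EXTERNAL_ZTS" | gd_thread_risk)"
printf 'bundled GD + ZTS     : %s\n' "$(printf '%s\n' "$SAMPLE_BUNDLED_ZTS" | gd_thread_risk)"
printf 'no GD extension      : %s\n' "$(printf '%s\n' "$SAMPLE_NO_GD" | gd_thread_risk)"
```

On a real host, pipe the live output in with `php -i | gd_thread_risk`; note that the CLI binary and the web server module can be built differently, so check the SAPI that actually serves requests.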
 