PHP :: Bug #28263 :: PNG image generation causes Segmentation Fault

Bug #28263

PNG image generation causes Segmentation Fault

Submitted:

2004-05-03 19:22 UTC

Modified:

2004-06-29 21:08 UTC

Votes:	2
Avg. Score:	3.5 ± 1.5
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	1 (50.0%)

From:

Rich dot West at wesmo dot com

Assigned:

pajoye (profile)

Status:

Not a bug

Package:

GD related

PHP Version:

4.3.6

OS:

Fedora Core 1

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2004-05-03 19:22 UTC] Rich dot West at wesmo dot com

Description:
------------
After upgrading from PHP 4.3.3 to 4.3.5, and then again to 4.3.6, I discovered that image generation calls to create PNG files were producing zero length images.

I dug through it further by testing with the CLI version of PHP, and it appears that if a PNG image is being created, the process with segfault.

I was able to compile PHP 4.3.3 on this machine using the configure options below, and, after running the test script through php, it would properly output a PNG file.

Using the same configure options for PHP 4.3.5 and PHP 4.3.6, the operation segfaults (and creates a core file) when creating a PNG file.  It works just fine when creating a JPEG file.

I can consistently get things to work for PHP 4.3.3 and I can consistently get it to NOT work for PHP 4.3.5 and PHP 4.3.6...

Oh, and, yes, my GD and libpng10/libpng libraries are linked properly..

From phpinfo():
'./configure' '--host=i686-pc-linux-gnu' '--build=i686-pc-linux-gnu' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--enable-force-cgi-redirect' '--disable-debug' '--enable-pic' '--disable-rpath' '--enable-inline-optimization' '--with-bz2' '--with-db4=/usr' '--with-curl' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-gd' '--enable-gd-native-ttf' '--with-gdbm' '--with-gettext' '--with-ncurses' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-regex=system' '--with-xml' '--with-expat-dir=/usr' '--with-dom=shared,/usr' '--with-dom-xslt=/usr' '--with-dom-exslt=/usr' '--with-xmlrpc=shared' '--with-pcre=/usr' '--with-zlib' '--with-layout=GNU' '--enable-bcmath' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-safe-mode' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-discard-path' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--enable-wddx' '--without-oci8' '--with-pear=/usr/share/pear' '--with-imap=shared' '--with-imap-ssl' '--with-kerberos' '--with-ldap=shared' '--with-pdflib' '--with-mysql=shared,/usr' '--with-pgsql=shared' '--with-snmp=shared,/usr' '--with-snmp=shared' '--enable-ucd-snmp-hack' '--with-unixODBC=shared' '--enable-memory-limit' '--enable-bcmath' '--enable-shmop' '--enable-calendar' '--enable-dbx' '--enable-dio' '--enable-mcal' '--enable-mbstring' '--enable-mbstr-enc-trans' '--enable-mbregex' '--with-apxs2=/usr/sbin/apxs'

Reproduce code:
---------------
<?php
   header("Content-type: image/png");
   $string = "Test";
   $im    = imagecreatefrompng("image.png");
   $orange = imagecolorallocate($im, 220, 210, 60);
   $px    = (imagesx($im) - 7.5 * strlen($string)) / 2;
   imagestring($im, 3, $px, 9, $string, $orange);
   imagepng($im);
   imagedestroy($im);
?> 

Expected result:
----------------
Result should have been a PNG image.

Actual result:
--------------
#0  0x00002009 in ?? ()
#1  0x00f1d850 in png_create_struct_2 () from /usr/lib/libpdf.so.1
#2  0x00997dcd in png_create_info_struct () from /usr/lib/libpng12.so.0
#3  0x080c1b72 in gdImageCreateFromPngCtx ()
#4  0x080c1a61 in gdImageCreateFromPng ()
#5  0x080af917 in zif_imagecreatefromstring ()
#6  0x080afbea in zif_imagecreatefrompng ()
#7  0x0a11aa34 in ?? ()

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-05-06 14:40 UTC] iliaa@php.net

Please provide the source image.

[2004-05-06 16:54 UTC] Rich dot West at wesmo dot com

Any PNG image will do it.

I woul attach it, but there's no interface here to attach the images that I tested with.

[2004-05-07 00:58 UTC] scottmacvicar at ntlworld dot com

I had the same problem using the latest releases of libpng and had to go back to an older version. It would happen for any png image.

Was using Red Hat Enterprise

[2004-05-07 03:01 UTC] Rich dot West at wesmo dot com

What version of libpng did you back down to?  I have no problems trying that out. :)

[2004-05-07 11:04 UTC] pajoye@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

Hello,

Cannot reproduce, please try with a snapshot.

I also use libpng-1.2.2 (which is available since this week through yum in fdc1).

--Pierre

[2004-05-15 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2004-05-15 01:47 UTC] Rich dot West at wesmo dot com

Still open.  I was at a training class and unable to test.

I will test it this weekend.

[2004-05-15 06:30 UTC] magnus@php.net

Change status when you give the feedback asked for.

[2004-05-23 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2004-05-27 13:00 UTC] duh at dowebwedo dot com

I am experiencing the same bug since we upgraded from php 4.3.5 tot 4.3.6, 4.3.7 and the latest snapshot (php4-STABLE-200405270830). I have backtraced the point to where php crashes and that is the imagecreatefrompng function:

...
eval(sprintf("\$this->image = imagecreatefrom%s(\$this->image_file);",$this->ext2func[$image_type]));
...

(note: i use eval in my class to dynamically open images; however without the evaluation the function still kills my application)

However downgrading back to php-4.3.5 does not seem to solve the problem.

We are running debian stable with all recent upgrades (libpng etc) with apache (1.3.29) and php and compiled php with the following configure command:

'./configure' '--with-pgsql' '--with-apxs=/www/bin/apxs' '--with-gd' '--with-png-dir' '--with-freetype-dir' '--with-jpeg-dir' '--with-pear' '--with-zlib-dir' '--enable-track-vars' '--enable-trans-sid' '--disable-posix-threads' '--enable-shared' '--enable-exif' '--enable-memory-limit' 

I hope this bug will be fixed soon.

Grtz, Jeroen

[2004-05-27 22:01 UTC] pajoye@php.net

#1  0x00f1d850 in png_create_struct_2 () from /usr/lib/libpdf.so.1

I'm wondering what the libpdf does here...

Please check your install. The original script works with  php4 and php5 HEAD and latest RC.

Possible sources of problems:
- You did not update the -devel package for libpng
- --with-png-dir=DIR, DIR is not optionnal. Same for jpeg 
  or freetype
- Be sure you do not have the GD lib installed in your
  system. Use only the bundled one.

I set it back to bogus. As it works on 3 different FC1 (and on FC2) without problems. I feel your problem as an install issue only.

--Pierre

[2004-05-28 05:23 UTC] Rich dot West at wesmo dot com

I'll check the latest HEAD from CVS.

libpdf was compiled in with --with-libpdf.  Not sure why it would show up in that particular traceback, though.

> Possible sources of problems:
> - You did not update the -devel package for libpng
> - --with-png-dir=DIR, DIR is not optionnal. Same for jpeg 
>   or freetype
> - Be sure you do not have the GD lib installed in your
>   system. Use only the bundled one.

From the first posting, it clearly shows --with-png-dir=/usr and --with-gd.  I thought we got past that whole part.

I'll test it from the latest CVS HEAD branch as you originally suggested on May 27th, but it is unlikely an installation issue since, as the thread shows, it works with the same libpng libraries if compiled with 4.3.3.  Anything later, such as 4.3.5 and 4.3.6, does not work.

[2004-06-21 23:20 UTC] Rich dot West at wesmo dot com

I tried the same process against 4.3.7 today, and the result was the same. :(  No PNG image. :(

Yes, the libpng and libpng-devel packages are in sync with one another, and yes, the system has the GD libraries installed, and, yes, PHP was compiled it use the bundled GD library rather than the system-wide one.

I can get this to work when building 4.3.3, but not with 4.3.5/6/7.  I've moved libpdf out to a DSO rather than compiling it in, but it made little difference. :(

I'm trying a complete package rebuild using the SRPM from the FC1 updates to see if that will help..

[2004-06-22 01:35 UTC] Rich dot West at wesmo dot com

Fixed!

I rebuilt the whole package based upon the 4.3.6 SRPM, updated it for 4.3.7, and viola!  It works!

[2004-06-22 07:45 UTC] derick@php.net

Not a bug in PHP then, so marking it "bogus".

[2004-06-28 17:11 UTC] ajp at aripollak dot com

So what's different about the SRPM? This happens for me on RH9 with libpng 1.2.2-20 too.

[2004-06-29 21:08 UTC] Rich dot West at wesmo dot com

I pulled the 4.3.6 SRPM from the Fedora Core 2 distro and built it under Fedora Core 1.  I noticed a number of changes with regards to the patches and other minor stuff.

Other than that, I have no idea.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri May 03 15:01:31 2024 UTC