Bug #29568 GD causes an segmentation fault
Submitted: 2004-08-08 04:29 UTC Modified: 2004-09-21 23:59 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: bram at x-plose dot be Assigned:
Status: Not a bug Package: GD related
PHP Version: 4.3.8 OS: debian
Private report: No CVE-ID: None
 [2004-08-08 04:29 UTC] bram at x-plose dot be
Description:
------------
When I open a PHP script that uses GD it shows a segmentation fault in error.log

Server software: Apache/1.3.26 (deb package) (Unix) Debian GNU/Linux PHP/4.3.8 

The script is coming from php.net so I don't suppose there's an error in it.

I included /usr/local/lib/php in php.ini and I added extension = gd.so

'./configure' '--with-jpeg-dir=../jpeg-6b/' '--with-pdflib' '--with-tiff-dir=../tiff-v3.6.1/' '--with-png-dir=../libpng-1.2.5/' '--with-zlib-dir=../zlib-1.1.4/' '--enable-static-pdflib' '--enable-gd-imgstrttf' '--with-gd' '--with-mysql' '--with-apxs' '--enable-fast-cgi-redirect' '--with-freetype-dir=/usr/local/freetype2/' '--with-iconv' '--with-gettext' 



Reproduce code:
---------------
<?php
   header("Content-type: image/png");
   $string = $_GET['text'];
   $im    = imagecreatefrompng("banners/bannerxplose.test.png");
   $orange = imagecolorallocate($im, 220, 210, 60);
   $px    = (imagesx($im) - 7.5 * strlen($string)) / 2;
   imagestring($im, 3, $px, 9, $string, $orange);
   imagepng($im);
   imagedestroy($im);
?>


Actual result:
--------------
I only get "Can't find server", and in error.log I find
[Sun Aug  8 04:12:51 2004] [notice] child pid 24310 exit signal Segmentation fault (11)
[Sun Aug  8 04:12:51 2004] [notice] child pid 2085 exit signal Segmentation fault (11)


 [2004-08-14 03:56 UTC] bram at x-plose dot be
I tried the CVS version, and when I start the program with
gdb and run -X this happens when I call the script:

GNU gdb 6.1-debian
This GDB was configured as "i386-linux"...Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) run -X
Starting program: /usr/local/apache2/bin/httpd -X
[Thread debugging using libthread_db enabled]
[New Thread 1024 (LWP 2163)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 2163)]
0x00000019 in ?? ()

the bt shows this:

(gdb) bt
#0  0x00000019 in ?? ()
#1  0x405a4302 in png_create_struct_2 (type=2, malloc_fn=0x19, mem_ptr=0x5a5a5a5a) at pngmem.c:351
#2  0x4063c168 in png_create_info_struct () from /usr/local/lib/libpng.so.3
#3  0x40388faf in gdImageCreateFromPngCtx (infile=0x82814ac)
    at /var/src/webserv/php4-STABLE-200408132230/ext/gd/libgd/gd_png.c:149
#4  0x40388e44 in gdImageCreateFromPng (inFile=0x82819f8)
    at /var/src/webserv/php4-STABLE-200408132230/ext/gd/libgd/gd_png.c:90
#5  0x403706bc in _php_image_create_from (ht=1, return_value=0x8281824, this_ptr=0x0, return_value_used=1, image_type=2,
    tn=0x404e74c7 "PNG", func_p=0x40388e10 <gdImageCreateFromPng>, ioctx_func_p=0x40388ed0 <gdImageCreateFromPngCtx>)
    at /var/src/webserv/php4-STABLE-200408132230/ext/gd/gd.c:1470
#6  0x4037083d in zif_imagecreatefrompng (ht=1, return_value=0x8281824, this_ptr=0x0, return_value_used=1)
    at /var/src/webserv/php4-STABLE-200408132230/ext/gd/gd.c:1516
#7  0x404d4ab2 in execute (op_array=0x82cea34) at /var/src/webserv/php4-STABLE-200408132230/Zend/zend_execute.c:1640
#8  0x404c15d4 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /var/src/webserv/php4-STABLE-200408132230/Zend/zend.c:891
#9  0x4048578c in php_execute_script (primary_file=0xbffff79c) at /var/src/webserv/php4-STABLE-200408132230/main/main.c:1734
#10 0x404db4bc in php_handler (r=0x82e1b70)
    at /var/src/webserv/php4-STABLE-200408132230/sapi/apache2handler/sapi_apache2.c:540
#11 0x080ae589 in ap_run_handler (r=0x82e1b70) at config.c:151
#12 0x080aead3 in ap_invoke_handler (r=0x82e1b70) at config.c:358
#13 0x08096ae6 in ap_process_request (r=0x82e1b70) at http_request.c:246
#14 0x08092a6a in ap_process_http_connection (c=0x8264510) at http_core.c:250
#15 0x080b7a98 in ap_run_process_connection (c=0x8264510) at connection.c:42
#16 0x080b7d5c in ap_process_connection (c=0x8264510, csd=0x8264438) at connection.c:175
#17 0x080ad210 in child_main (child_num_arg=0) at prefork.c:609
#18 0x080ad2cc in make_child (s=0x81d1500, slot=0) at prefork.c:649
#19 0x080ad3c1 in startup_children (number_to_start=40) at prefork.c:721
#20 0x080ad6c3 in ap_mpm_run (_pconf=0x8193e90, plog=0x81cbf70, s=0x81d1500) at prefork.c:940
#21 0x080b2e7e in main (argc=2, argv=0xbffffb84) at main.c:617
 [2004-08-16 08:40 UTC] derick@php.net
Sounds like the famous libpng 1.0/libpng 1.2 incompatibility. Which version are you using?
 [2004-08-16 14:00 UTC] bram at x-plose dot be
I'm using version libpng-1.2.5.

How can I fix the problem?
 [2004-09-21 10:27 UTC] reg_php at nilsson dot tv
pdflib uses a bundled version of png (old version), which makes php (using newer png) crash. Either remove --with-pdf when compiling PHP, or compile pdflib with "--with-pnglib --with-zlib" to make pdflib use the newer png version.
 [2004-09-21 23:59 UTC] derick@php.net
Sounds plausible, and not a bug then.
 
Last updated: Wed Nov 14 15:01:27 2018 UTC