Bug #34225 imagettftext() causes PHP to crash
Submitted: 2005-08-23 22:55 UTC Modified: 2005-08-24 11:34 UTC
From: david at acz dot org Assigned: pajoye (profile)
Status: Not a bug Package: GD related
PHP Version: 4.4.0 OS: SuSE Linux
Private report: No CVE-ID: None
 [2005-08-23 22:55 UTC] david at acz dot org
Description:
------------
PHP sometimes crashes when calling the PHP function imagettftext().  It crashes because gdCacheGet() is passed and dereferences a NULL pointer.


'./configure' '--with-apxs2=/vm/apache2/bin/apxs' '--disable-debug' '--with-zlib' '--with-bzip2' '--enable-ftp' '--with-curl' '--enable-bcmath' '--enable-sockets' '--enable-pcntl' '--with-xml' '--with-openssl' '--with-cdb' '--with-mcrypt' '--without-mysql' '--with-oci8' '--enable-sigchild' '--enable-exif' '--with-gd' '--with-jpeg-dir=/usr/local' '--with-png' '--with-freetype-dir=/usr/local' '--with-readline'

gd
GD Support  enabled  
GD Version  bundled (2.0.28 compatible)  
FreeType Support  enabled  
FreeType Linkage  with freetype  
GIF Read Support  enabled  
GIF Create Support  enabled  
JPG Support  enabled  
PNG Support  enabled  
WBMP Support  enabled  
XBM Support  enabled

Reproduce code:
---------------
I cannot reproduce the crash consistently enough to provide a simple example.

Expected result:
----------------
N/A

Actual result:
--------------
(gdb) bt
#0  0x40498bbc in gdCacheGet (head=0x0, keydata=0x41feb344)
    at /tmp/php-4.4.0/ext/gd/libgd/gdcache.c:101
#1  0x40497f7f in gdImageStringFTEx (im=0x85717b4, brect=0x41fec47c,
    fg=3355443, fontlist=0x0, ptsize=8, angle=0, x=14, y=61,
    string=0x8506a5c "everything with ABC Advertiser.", strex=0x0)
    at /tmp/php-4.4.0/ext/gd/libgd/gdft.c:868
#2  0x40497e29 in gdImageStringFT (im=0x85717b4, brect=0x41fec47c, fg=3355443,
    fontlist=0x852811c "lpfont/Arial-Roman.ttf", ptsize=8, angle=0, x=14,
    y=61, string=0x8506a5c "everything with ABC Advertiser.")
    at /tmp/php-4.4.0/ext/gd/libgd/gdft.c:808
#3  0x4048a9ef in php_imagettftext_common (ht=1078556464,
    return_value=0x848569c, this_ptr=0x0, return_value_used=0,
    tsrm_ls=0x82a2d90, mode=0, extended=0) at /tmp/php-4.4.0/ext/gd/gd.c:3104
#4  0x4048a693 in zif_imagettftext (ht=8, return_value=0x848569c,
    this_ptr=0x0, return_value_used=0, tsrm_ls=0x82a2d90)
    at /tmp/php-4.4.0/ext/gd/gd.c:3010
#5  0x40572269 in execute (op_array=0x850d228, tsrm_ls=0x82a2d90)
    at /tmp/php-4.4.0/Zend/zend_execute.c:1672
#6  0x40571f9f in execute (op_array=0x843b408, tsrm_ls=0x82a2d90)
    at /tmp/php-4.4.0/Zend/zend_execute.c:1716
#7  0x40571f9f in execute (op_array=0x843a8d4, tsrm_ls=0x82a2d90)
    at /tmp/php-4.4.0/Zend/zend_execute.c:1716
#8  0x4056345a in zend_execute_scripts (type=8, tsrm_ls=0x82a2d90, retval=0x0,
    file_count=3) at /tmp/php-4.4.0/Zend/zend.c:938
#9  0x40538753 in php_execute_script (primary_file=0x41ff486c,
    tsrm_ls=0x82a2d90) at /tmp/php-4.4.0/main/main.c:1751
#10 0x40576f88 in php_handler (r=0x82cb3e8)
    at /tmp/php-4.4.0/sapi/apache2handler/sapi_apache2.c:555
#11 0x0809a6b6 in ap_run_handler (r=0x82cb3e8) at config.c:153
#12 0x0809ac88 in ap_invoke_handler (r=0x82cb3e8) at config.c:364
#13 0x0808659f in ap_process_request (r=0x82cb3e8) at http_request.c:249
#14 0x080820d9 in ap_process_http_connection (c=0x82c3ad0) at http_core.c:251
#15 0x080a4d06 in ap_run_process_connection (c=0x82c3ad0) at connection.c:43
(gdb) frame 0
#0  0x40498bbc in gdCacheGet (head=0x0, keydata=0x41feb344)
    at /tmp/php-4.4.0/ext/gd/libgd/gdcache.c:101
101       elem = head->mru;
(gdb) frame 1
#1  0x40497f7f in gdImageStringFTEx (im=0x85717b4, brect=0x41fec47c,
    fg=3355443, fontlist=0x0, ptsize=8, angle=0, x=14, y=61,
    string=0x8506a5c "everything with ABC Advertiser.", strex=0x0)
    at /tmp/php-4.4.0/ext/gd/libgd/gdft.c:868
868             font = (font_t *) gdCacheGet (fontCache, &fontkey);
(gdb) frame 2
#2  0x40497e29 in gdImageStringFT (im=0x85717b4, brect=0x41fec47c, fg=3355443,
    fontlist=0x852811c "lpfont/Arial-Roman.ttf", ptsize=8, angle=0, x=14,
    y=61, string=0x8506a5c "everything with ABC Advertiser.")
    at /tmp/php-4.4.0/ext/gd/libgd/gdft.c:808
808             return gdImageStringFTEx(im, brect, fg, fontlist, ptsize, angle, x, y, string, 0);
(gdb) frame 3
#3  0x4048a9ef in php_imagettftext_common (ht=1078556464,
    return_value=0x848569c, this_ptr=0x0, return_value_used=0,
    tsrm_ls=0x82a2d90, mode=0, extended=0) at /tmp/php-4.4.0/ext/gd/gd.c:3104
3104            error = gdImageStringFT(im, brect, col, fontname, ptsize, angle, x, y, str);
(gdb) frame 4
#4  0x4048a693 in zif_imagettftext (ht=8, return_value=0x848569c,
    this_ptr=0x0, return_value_used=0, tsrm_ls=0x82a2d90)
    at /tmp/php-4.4.0/ext/gd/gd.c:3010
3010            php_imagettftext_common(INTERNAL_FUNCTION_PARAM_PASSTHRU, TTFTEXT_DRAW, 0);
(gdb) frame 5
#5  0x40572269 in execute (op_array=0x850d228, tsrm_ls=0x82a2d90)
    at /tmp/php-4.4.0/Zend/zend_execute.c:1672
1672                                                            ((zend_internal_function *) EX(function_state).function)->handler(EX(opline)->extended_value, EX(Ts)[EX(opline)->result.u.var].var.ptr, EX(object).ptr, return_value_used TSRMLS_CC);
 [2005-08-23 23:21 UTC] pajoye@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip

Please try using php 4.4.0 snapshot as well as 5.x

A reproducible crash should come with a reproducible script...

 [2005-08-24 02:39 UTC] david at acz dot org
This is a thread-safety issue: Apache was incorrectly compiled with the "worker" MPM instead of "prefork".
 [2005-08-24 11:34 UTC] sniper@php.net
Thread issues are not bugs in PHP in most cases. Let's not waste time with this.
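The interleaving the reporter identifies, written out as an added example that is not part of the bug report, of PHP or of libgd's code: a process-wide, lazily created cache (the role libgd's static fontCache plays in gdImageStringFTEx) shared by request threads under a threaded MPM. The backtrace shows only that gdCacheGet() was handed head == NULL from gdft.c:868 and dereferenced it at gdcache.c:101; the page does not say which code path cleared the pointer, so the "teardown at request end" step below, the cache structures, the worker loop and the reuse of the report's font name are all constructed for illustration. The unsafe function is shown for contrast and is never called; the safe one holds a single mutex across the check, the (re)creation, the lookup and the teardown.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed for this example, in the shape of libgd's gdCache: a head that
 * owns a most-recently-used list. Not libgd's code. */
typedef struct cache_elem { char key[64]; struct cache_elem *next; } cache_elem_t;
typedef struct cache_head { cache_elem_t *mru; } cache_head_t;

/* One cache per process, as libgd's static fontCache is. */
static cache_head_t *g_cache = NULL;
static pthread_mutex_t g_cache_lock = PTHREAD_MUTEX_INITIALIZER;

static cache_head_t *cache_setup(void) { return calloc(1, sizeof(cache_head_t)); }

static void cache_teardown(cache_head_t *head)
{
    if (!head) return;
    for (cache_elem_t *e = head->mru; e;) { cache_elem_t *n = e->next; free(e); e = n; }
    free(head);
}

/* Like gdCacheGet(): fetch the entry for key, creating it on a miss. It uses
 * head without checking it, so head == NULL faults exactly as the report's
 * frame 0 does (gdcache.c:101, `elem = head->mru`). */
static cache_elem_t *cache_get(cache_head_t *head, const char *key)
{
    for (cache_elem_t *e = head->mru; e; e = e->next)
        if (strcmp(e->key, key) == 0) return e;
    cache_elem_t *n = calloc(1, sizeof(*n));
    if (!n) return NULL;
    strncpy(n->key, key, sizeof(n->key) - 1);
    n->next = head->mru;
    head->mru = n;
    return n;
}

/* UNSAFE: check-then-use on a global with no lock. Between `if (!g_cache)`
 * and cache_get(), another thread finishing its request can run
 * request_end_unsafe() and set g_cache back to NULL, so cache_get() receives
 * head == NULL. Under prefork each process has its own g_cache and this never
 * races; under worker it does. Shown only, never called here. */
int lookup_unsafe(const char *key)
{
    if (!g_cache) g_cache = cache_setup();
    return cache_get(g_cache, key) != NULL;
}

void request_end_unsafe(void)
{
    cache_teardown(g_cache);
    g_cache = NULL;
}

/* SAFE: one lock covers the NULL check, the (re)creation and the lookup, and
 * the same lock covers teardown, so no thread sees the cache half torn down. */
int lookup_safe(const char *key)
{
    pthread_mutex_lock(&g_cache_lock);
    if (!g_cache) g_cache = cache_setup();
    int ok = g_cache && cache_get(g_cache, key) != NULL;
    pthread_mutex_unlock(&g_cache_lock);
    return ok;
}

void request_end_safe(void)
{
    pthread_mutex_lock(&g_cache_lock);
    cache_teardown(g_cache);
    g_cache = NULL;
    pthread_mutex_unlock(&g_cache_lock);
}

/* Simulated worker-MPM request threads: each "draws text" (a lookup) in a
 * loop and periodically ends a request (a teardown), the interleaving that
 * crashed PHP. Font name taken from the report's backtrace. */
struct worker_arg { int iters; int ok; };

static void *worker(void *p)
{
    struct worker_arg *a = p;
    for (int i = 0; i < a->iters; i++) {
        a->ok += lookup_safe("lpfont/Arial-Roman.ttf");
        if (i % 7 == 0) request_end_safe();
    }
    return NULL;
}

/* Returns the number of successful lookups: nthreads * iters when no thread
 * ever observed a NULL or half-freed cache. Capped at 64 threads. */
int run_concurrent(int nthreads, int iters)
{
    pthread_t tid[64];
    struct worker_arg args[64];
    if (nthreads > 64) nthreads = 64;
    for (int t = 0; t < nthreads; t++) {
        args[t].iters = iters;
        args[t].ok = 0;
        pthread_create(&tid[t], NULL, worker, &args[t]);
    }
    int total = 0;
    for (int t = 0; t < nthreads; t++) { pthread_join(tid[t], NULL); total += args[t].ok; }
    request_end_safe();
    return total;
}

int main(void)
{
    printf("%d successful lookups\n", run_concurrent(8, 5000));
    return 0;
}
```

Build with `cc -pthread`. Swapping lookup_safe/request_end_safe for the unsafe pair in worker() reproduces the report's symptom on a multi-core box (a SIGSEGV inside cache_get with head == NULL), though not on every run, which is why the reporter could not supply a deterministic script. The lock is one fix; the other is not to share the cache across threads at all, which is what running the prefork MPM achieves.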
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri May 03 22:01:33 2024 UTC