php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #46433 imagecreatefrom(...) leaks memory on errors
Submitted: 2008-10-30 16:42 UTC Modified: 2009-06-16 16:36 UTC
From: ak at pre-secure dot de Assigned: pajoye (profile)
Status: Not a bug Package: GD related
PHP Version: 5.2.9 OS: Linux (OpenSUSE)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ak at pre-secure dot de
New email:
PHP Version: OS:

 

 [2008-10-30 16:42 UTC] ak at pre-secure dot de 
Description:
------------
When trying to create an image from a file and an error occures PHP will lose some memory. 

Reproduce code:
---------------
while(true) {
    print "\nMemory: ".memory_get_usage();
    imagecreatefrompng("anyimage.png");
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-30 16:49 UTC] crrodriguez at opensuse dot org 
memory usage is constant for me, are you sure you are using version 5.2.6 ?
 [2008-10-30 16:49 UTC] felipe@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

I can't reproduce it using 5.2.7CVS.
 [2008-10-31 13:20 UTC] ak at pre-secure dot de 
I have to admit that my initial bugreport is a litte bit too unspecific. 

The memory problem only occures if the image is "tainted", f.e. taking a valid png and change a arbitrary line in the source. 

This will result in an error like this:
PHP Warning:  imagecreatefrompng(): gd-png:  fatal libpng error: IDAT: CRC error in  ----
and a rapid growth of the memory usage.
 [2008-10-31 13:42 UTC] pajoye@php.net 
Please provide an example image (link to it or drop me a mail).
 [2008-10-31 13:43 UTC] ak at pre-secure dot de 
Seems to be fixed with the newest snapshot. Cannot reproduce it anymore.
 [2008-10-31 13:45 UTC] pajoye@php.net 
not a bug > bogus
 [2009-06-11 13:11 UTC] ak at pre-secure dot de 
I was able to reproduce the Problem with the current release. It occurs if you try to open an image with an crc error.

Reproduce code:
---------------
while(true) {
    print "\nMemory: ".memory_get_usage();
    imagecreatefrompng("anyimage.png");
}

Image:
--------------
http://drahop.de/php/anyimage.png
 [2009-06-11 13:17 UTC] pajoye@php.net 
Run a single pass through valgrind please.
 [2009-06-16 13:35 UTC] ak at pre-secure dot de 
==18171== Memcheck, a memory error detector.
==18171== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==18171== Using LibVEX rev 1854, a library for dynamic binary translation.
==18171== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==18171== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==18171== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==18171== For more details, rerun with: -v
==18171==

Memory: 104664PHP Warning:  imagecreatefrompng(): gd-png:  fatal libpng error: IDAT: CRC error in /srv/www/htdocs/ak/memtest.php on line 5
PHP Warning:  imagecreatefrompng(): gd-png error: setjmp returns error condition in /srv/www/htdocs/ak/memtest.php on line 5
PHP Warning:  imagecreatefrompng(): 'anyimage.png' is not a valid PNG file in /srv/www/htdocs/ak/memtest.php on line 5
==18171==
==18171== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 96 from 2)
==18171== malloc/free: in use at exit: 7,917 bytes in 15 blocks.
==18171== malloc/free: 13,027 allocs, 13,012 frees, 4,751,157 bytes allocated.
==18171== For counts of detected errors, rerun with: -v
==18171== searching for pointers to 15 not-freed blocks.
==18171== checked 525,192 bytes.
==18171==
==18171== LEAK SUMMARY:
==18171==    definitely lost: 0 bytes in 0 blocks.
==18171==      possibly lost: 0 bytes in 0 blocks.
==18171==    still reachable: 7,917 bytes in 15 blocks.
==18171==         suppressed: 0 bytes in 0 blocks.
==18171== Rerun with --leak-check=full to see details of leaked memory.
 [2009-06-16 15:14 UTC] pajoye@php.net 
==18171== ERROR SUMMARY: 0 errors from 0 contexts

No error. Still bogus.
 [2009-06-16 15:42 UTC] ak at pre-secure dot de 
Did you at least try to reproduce it? I tested it on various machines with the given script and image. It will crash in no time cause it allocates to much memory.
 [2009-06-16 16:16 UTC] pajoye@php.net 
I already said that it was working here.

pierre@ubuntu:~/cvs/php53/bld$ ./sapi/cli/php -r "imagecreatefrompng('http://drahop.de/php/anyimage.png');"

Warning: imagecreatefrompng(): gd-png:  fatal libpng error: IDAT: CRC error in Command line code on line 1

Warning: imagecreatefrompng(): gd-png error: setjmp returns error condition in Command line code on line 1

Warning: imagecreatefrompng(): 'http://drahop.de/php/anyimage.png' is not a valid PNG file in Command line code on line 1

There is no error either through valgrind.

And yes, the memory usage of PHP MM increases as you keep creating errors, but the memory is freed when it exits >> no leak.

If you read the valgrind output you pasted here, you will see that it did not find any error either...
 [2009-06-16 16:36 UTC] derick@php.net 
I can't reproduce this either, the memory usage stays at 8208.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun May 19 18:01:33 2024 UTC