Bug #49193 gd_compat > gdJpegGetVersionString should return const char* not int
Submitted: 2009-08-07 17:14 UTC Modified: 2009-08-09 13:16 UTC
From: th at drillich dot com Assigned:
Status: Closed Package: GD related
PHP Version: 5.3.0 OS: All 64Bit systems
Private report: No CVE-ID:
 [2009-08-07 17:14 UTC] th at drillich dot com
Description:
------------
In gd_compat.[hc]

gdJpegGetVersionString() is declared as returning int, not const
char*, but sizeof(int) != sizeof(const char*) on some systems; here
sizeof(int) == 4 and sizeof(const char*) == 8.

This causes a segfault on phpinfo().
cu thomas

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f996e9c3740 (LWP 17235)]
strlen () at ../sysdeps/x86_64/strlen.S:48
48      ../sysdeps/x86_64/strlen.S: No such file or directory.
        in ../sysdeps/x86_64/strlen.S
Current language:  auto; currently asm
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:48
#1  0x00007f9969a207c8 in format_converter (odp=0x7fff76a001f0,
fmt=0x7f9964f364d0 "s", ap=0x7fff76a00150) at
src/php5/php5-5.3.0/main/snprintf.c:964
#2  0x00007f9969a213ac in strx_printv (ccp=0x7fff76a0020c,
buf=0x7f996e9c36f0 "(X\206n\231\177", len=1990197800,
format=0x7f9964f364cf "%s", ap=0x0)
    at src/php5/php5-5.3.0/main/snprintf.c:1211
#3  0x00007f9969a21554 in ap_php_snprintf (buf=0x7fff76a002db "",
len=1855731440, format=0x0) at
src/php5/php5-5.3.0/main/snprintf.c:1256
#4  0x00007f9964f32b44 in zm_info_gd (zend_module=0x13c2bb0) at
src/php5/php5-5.3.0/ext/gd/gd.c:1296
#5  0x00007f99699c06e0 in _display_module_info_func
(module=0x64f37878) at src/php5/php5-5.3.0/ext/standard/info.c:123
#6  0x00007f9969a7c6d5 in zend_hash_apply (ht=0x7fff76a00520,
apply_func=0x7f99699c06d0 <_display_module_info_func>)
    at src/php5/php5-5.3.0/Zend/zend_hash.c:673
#7  0x00007f99699c1a5a in php_print_info (flag=32767) at
src/php5/php5-5.3.0/ext/standard/info.c:903
#8  0x00007f99699c1e61 in zif_phpinfo (ht=1693677688,
return_value=0x130f858, return_value_ptr=0x7fff76a00228,
this_ptr=0x0, return_value_used=-16843009)
    at src/php5/php5-5.3.0/ext/standard/info.c:1217
#9  0x00007f9969ac1e5b in zend_do_fcall_common_helper_SPEC
(execute_data=0x7f996a17c580) at
src/php5/php5-5.3.0/Zend/zend_vm_execute.h:313
#10 0x00007f9969a9b299 in execute (op_array=0x130eea8) at
src/php5/php5-5.3.0/Zend/zend_vm_execute.h:104
#11 0x00007f9969a700c1 in zend_execute_scripts (type=0,
retval=0x7fff76a00770, file_count=3) at
src/php5/php5-5.3.0/Zend/zend.c:1188
#12 0x00007f9969a1c805 in php_execute_script (primary_file=Cannot
access memory at address 0x8000769ff690
) at src/php5/php5-5.3.0/main/main.c:2196
#13 0x00007f9969afa775 in php_handler (r=0x43c055) at
src/php5/php5-5.3.0/sapi/apache2handler/sapi_apache2.c:663
#14 0x000000000043b8d3 in ap_run_handler ()
#15 0x000000000043ee9f in ap_invoke_handler ()
#16 0x000000000044c11e in ap_process_request ()
#17 0x0000000000449158 in ?? ()
#18 0x0000000000442dd3 in ap_run_process_connection ()
#19 0x0000000000450720 in ?? ()
#20 0x0000000000450a38 in ?? ()
#21 0x0000000000451050 in ap_mpm_run ()
#22 0x0000000000428425 in main ()
(gdb)
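An added example (mine, not code from the report or from PHP) that reproduces the arithmetic of this bug without dereferencing anything: a 64-bit address is narrowed the way a caller compiled against the old `int` declaration narrows the returned pointer, using the sizes the reporter gives (sizeof(int) == 4, sizeof(const char*) == 8). The names version_string, narrow_through_int and pointer_survives_int_roundtrip are assumptions, and the sample address is the `buf` address from frame #2 of the backtrace, used only as a number.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for gd_compat.c's gdJpegGetVersionString():
 * returns a pointer to a string literal, as the real function does. */
const char *version_string(void)
{
    return "constructed-version-string";
}

/* What a caller compiled against the stale `int` declaration keeps of
 * the returned pointer: the low sizeof(int) bytes, widened back to
 * pointer size. The narrowing is implementation-defined (modulo 2^32
 * on GCC/Clang), so this stays free of undefined behaviour while
 * reproducing the arithmetic of the bug. */
uintptr_t narrow_through_int(uintptr_t address)
{
    int as_int = (int)address;            /* drops the high 32 bits */
    return (uintptr_t)(intptr_t)as_int;   /* sign-extended back */
}

/* True when the address survives the round trip, i.e. when the wrong
 * declaration happens to be harmless: always on 32-bit builds, and on
 * 64-bit builds only for addresses below 2 GiB. */
bool pointer_survives_int_roundtrip(uintptr_t address)
{
    return narrow_through_int(address) == address;
}

int main(void)
{
    /* Typical x86-64 user-space address, the `buf` value from frame #2
     * of the backtrace, used here only as a constructed sample number;
     * it is never dereferenced. */
    uintptr_t sample = (uintptr_t)0x7f996e9c36f0ULL;
    uintptr_t live = (uintptr_t)version_string();

    printf("sizeof(int)=%zu sizeof(const char*)=%zu\n",
           sizeof(int), sizeof(const char *));
    printf("sample %#lx -> %#lx (%s)\n", (unsigned long)sample,
           (unsigned long)narrow_through_int(sample),
           pointer_survives_int_roundtrip(sample) ? "intact" : "truncated");
    printf("string literal %#lx -> %s\n", (unsigned long)live,
           pointer_survives_int_roundtrip(live) ? "intact" : "truncated");
    return 0;
}
```

GCC's -Wlto-type-mismatch (active under -flto) reports this kind of declaration/definition disagreement across translation units, which a per-file -Wall cannot see.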

 [2009-08-08 16:49 UTC] th at drillich dot com
Here's the patch which fixes the bug:

---
php5-5.3.0/ext/gd/libgd/gd_compat.hgdJpegGetVersionString_returnsInt
2009-08-07 19:09:40.000000000 +0200
+++ php5-5.3.0/ext/gd/libgd/gd_compat.h	2009-08-07 19:09:54.000000000
+0200
@@ -8,7 +8,7 @@
 #endif
 
 const char * gdPngGetVersionString();
-int gdJpegGetVersionString();
+const char * gdJpegGetVersionString();
 int gdJpegGetVersionInt();
 int overflow2(int a, int b);
 
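Review bot: the corrected prototype still has an empty parameter list, `const char * gdJpegGetVersionString();`, which in C declares a function with unspecified arguments rather than a prototype; `const char * gdJpegGetVersionString(void);` (and likewise for the neighbouring gdPngGetVersionString() and gdJpegGetVersionInt() declarations) lets the compiler reject mismatched calls. The return-type change itself is the real fix: with the old `int` declaration every caller that saw this header narrowed the 64-bit pointer to 32 bits, which is why frame #4 (zm_info_gd handing the value to `%s`) ends in strlen() on a bad address in the backtrace.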
---
php5-5.3.0/ext/gd/libgd/gd_compat.c.gdJpegGetVersionString_returnsInt
2009-08-07 19:09:07.000000000 +0200
+++ php5-5.3.0/ext/gd/libgd/gd_compat.c	2009-08-07 19:10:11.000000000
+0200
@@ -14,7 +14,7 @@
 	return JPEG_LIB_VERSION;
 }
 
-int gdJpegGetVersionString()
+const char * gdJpegGetVersionString()
 {
 	switch(JPEG_LIB_VERSION) {
 		case 62:
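Review bot: the definition now agrees with the header, but the hunk as shown stops at `case 62:`, so the remaining cases and any default branch of the switch are not visible here; since the function now returns `const char *`, every path including the default must return a string, otherwise the caller's `%s` dereferences an indeterminate value. Suggest also writing the definition as `const char * gdJpegGetVersionString(void)` so it matches a prototyped declaration.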
 [2009-08-09 13:15 UTC] svn@php.net
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=286948
Log: Fixed bug #49193 (gdJpegGetVersionString() inside gd_compat identifies wrong type in declaration)
 [2009-08-09 13:16 UTC] svn@php.net
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=286949
Log: MFB: Fixed bug #49193 (gdJpegGetVersionString() inside gd_compat identifies wrong type in declaration)
 [2009-08-09 13:16 UTC] iliaa@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 17:01:54 2014 UTC